From 90eac460e31f01b919d8d2da5fbead4bca242c52 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sat, 17 Jan 2026 00:24:21 -0500 Subject: [PATCH 01/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1515) Signed-off-by: openshift-service-mesh-bot --- .devcontainer/devcontainer.json | 2 +- .github/workflows/update-deps.yaml | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- common/.commonfiles.sha | 2 +- common/scripts/setup_env.sh | 2 +- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 6 ++-- go.sum | 12 ++++---- pkg/istioversion/versions.yaml | 18 ++++++------ ...b7e0885d2e67258600966c5df4a852c0e.tgz.etag | 1 - ...b7e0885d2e67258600966c5df4a852c0e.tgz.etag | 1 - resources/v1.30-alpha.3c9f2b4b/commit | 1 - ...b7e0885d2e67258600966c5df4a852c0e.tgz.etag | 1 - ...b7e0885d2e67258600966c5df4a852c0e.tgz.etag | 1 - ...b7e0885d2e67258600966c5df4a852c0e.tgz.etag | 1 - ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 + resources/v1.30-alpha.bb3ecf92/commit | 1 + ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 + ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 + 225 files changed, 102 insertions(+), 102 deletions(-) delete mode 100644 resources/v1.30-alpha.3c9f2b4b/base-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag delete mode 100644 resources/v1.30-alpha.3c9f2b4b/cni-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag delete mode 100644 resources/v1.30-alpha.3c9f2b4b/commit delete mode 100644 resources/v1.30-alpha.3c9f2b4b/gateway-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag delete mode 100644 resources/v1.30-alpha.3c9f2b4b/istiod-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag delete mode 100644 resources/v1.30-alpha.3c9f2b4b/ztunnel-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag create mode 100644 resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/README.md (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/charts/ztunnel/values.yaml (98%) create mode 100644 resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag create mode 100644 resources/v1.30-alpha.bb3ecf92/commit create mode 100644 resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag create mode 100644 resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.3c9f2b4b => v1.30-alpha.bb3ecf92}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 75cfc16e9..26235b486 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-32187b891c5e9353c42b45ab386fb5afeb2f1c6b", + "image": "gcr.io/istio-testing/build-tools:master-116bd1273dfc5d27136461597f5ff54f535f416b", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index dd9f11f07..14b95abae 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -16,7 +16,7 @@ jobs: update-deps: runs-on: ubuntu-latest container: - image: gcr.io/istio-testing/build-tools:master-32187b891c5e9353c42b45ab386fb5afeb2f1c6b + image: gcr.io/istio-testing/build-tools:master-116bd1273dfc5d27136461597f5ff54f535f416b options: --entrypoint '' steps: diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index bba37288c..fa4f5df03 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3c9f2b4b + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bb3ecf92 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 37ea401b1..593f8c5db 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3c9f2b4b + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bb3ecf92 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 22dd5786c..a0936ba1b 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.3c9f2b4b. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b"} - // +kubebuilder:validation:Enum=v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.3c9f2b4b + // Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} + // +kubebuilder:validation:Enum=v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.bb3ecf92 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index de163c42f..d70e43bf9 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3c9f2b4b + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bb3ecf92 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index ccff9c73a..3193396fd 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3c9f2b4b + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bb3ecf92 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 3ec38db82..ac250ce73 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-16T05:08:12Z" + createdAt: "2026-01-17T05:06:41Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. displayName: Istio Version path: version x-descriptors: @@ -206,7 +206,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -244,7 +244,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. displayName: Istio Version path: version x-descriptors: @@ -267,7 +267,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -302,7 +302,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. displayName: Istio Version path: version x-descriptors: @@ -329,7 +329,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -385,7 +385,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. displayName: Istio Version path: version x-descriptors: @@ -412,7 +412,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c9f2b4b + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -449,7 +449,7 @@ spec: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -879,10 +879,10 @@ spec: images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_30-alpha_3c9f2b4b.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e - images.v1_30-alpha_3c9f2b4b.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e - images.v1_30-alpha_3c9f2b4b.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e - images.v1_30-alpha_3c9f2b4b.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e + images.v1_30-alpha_bb3ecf92.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_bb3ecf92.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_bb3ecf92.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_bb3ecf92.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index a6af1c18e..6c6c56f6c 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -1516,7 +1516,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 2e3884d57..b832d769d 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. enum: - v1.28.2 - v1.28.1 @@ -10158,7 +10158,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index b3f190b3e..9c830044b 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -10240,7 +10240,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 107f50a26..a287bc825 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -3484,7 +3484,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace @@ -6996,7 +6996,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -7034,7 +7034,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index ed57a5eab..32a45c3eb 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -1516,7 +1516,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index eb3332893..b3c158c9a 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. enum: - v1.28.2 - v1.28.1 @@ -10158,7 +10158,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 938f9df18..a5d3859f9 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -10240,7 +10240,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index c2eb68e5d..a68a448f2 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -3484,7 +3484,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace @@ -6996,7 +6996,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. enum: - v1.28-latest - v1.28.2 @@ -7034,7 +7034,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 9d625b922..a8431c0a7 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -74,10 +74,10 @@ deployment: images.v1_26_0.istiod: gcr.io/istio-release/pilot:1.26.0 images.v1_26_0.proxy: gcr.io/istio-release/proxyv2:1.26.0 images.v1_26_0.cni: gcr.io/istio-release/install-cni:1.26.0 - images.v1_30-alpha_3c9f2b4b.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e - images.v1_30-alpha_3c9f2b4b.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e - images.v1_30-alpha_3c9f2b4b.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e - images.v1_30-alpha_3c9f2b4b.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e + images.v1_30-alpha_bb3ecf92.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_bb3ecf92.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_bb3ecf92.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_bb3ecf92.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 revisionHistoryLimit: 10 service: port: 8443 @@ -115,7 +115,7 @@ csv: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.3c9f2b4b + - v1.30-alpha.bb3ecf92 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index 5908107c6..eb2da15e6 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -cb566c951a14407154961684d768d40a39afec09 +c8c7da1e37326f09038fbd4d895c69259d73db8c diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 22a0bc0e8..619fd5671 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -77,7 +77,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-32187b891c5e9353c42b45ab386fb5afeb2f1c6b + IMAGE_VERSION=master-116bd1273dfc5d27136461597f5ff54f535f416b fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 1b2085e09..6fd37f611 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3c9f2b4b] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bb3ecf92] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.3c9f2b4b. | | Enum: [v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.3c9f2b4b] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. | | Enum: [v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.bb3ecf92] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3c9f2b4b] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bb3ecf92] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3523,7 +3523,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3c9f2b4b] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bb3ecf92] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3689,7 +3689,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.3c9f2b4b. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3c9f2b4b] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bb3ecf92] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 0858fb074..8902d1e26 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260113153803-f382d4a138ed - istio.io/istio v0.0.0-20260116031314-3c9f2b4b7e08 + istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee + istio.io/istio v0.0.0-20260116225821-bb3ecf92885c k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.28.0-alpha.0.0.20260113153403-e470c78d368c // indirect + istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index b1023862d..cb478f400 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.28.0-alpha.0.0.20260113153403-e470c78d368c h1:+JeGRNpV/FcYbppIsqjyHSKmAE/NSib4Rzba303dVuQ= -istio.io/api v1.28.0-alpha.0.0.20260113153403-e470c78d368c/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260113153803-f382d4a138ed h1:zzP22BRXSicWlu8k1qmtpwMFETxkOo8JvWVGRdU1u+A= -istio.io/client-go v1.29.0-alpha.0.0.20260113153803-f382d4a138ed/go.mod h1:Xer+9gDRXbQSz1uCywBw8WtZopijL/kbqbvb9k+DcbY= -istio.io/istio v0.0.0-20260116031314-3c9f2b4b7e08 h1:vU6BSoUrWdWQADyFFuVs863Pfis6gij7Aw+AEojVZgg= -istio.io/istio v0.0.0-20260116031314-3c9f2b4b7e08/go.mod h1:/VZS66zDKzgOQIf/W8h91LsvEyRS0CTs/s8gu0gOpSs= +istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce h1:YyqDj8n9L8bZf41Y3Cgw1KH30N/EWdHSj8LK6Fd9ckI= +istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee h1:PP8EpTpawoNm4+yUE/jswC0Ctz92BO1Ap1ZBO93T/6o= +istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee/go.mod h1:6b7+7Y2Q561h5uuJ7nTy3cz191ACvRq2FIVqKIQMAzE= +istio.io/istio v0.0.0-20260116225821-bb3ecf92885c h1:Fhn6ascGCfeaPDik2y/oxBOZlfpALpNlZ5PhvL1C1rA= +istio.io/istio v0.0.0-20260116225821-bb3ecf92885c/go.mod h1:A4pg1KAPTADiDKHhA4occDKCzKpAnLvW4K+gBFGNyKY= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 59f3b0064..57822c973 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -258,15 +258,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.3c9f2b4b - - name: v1.30-alpha.3c9f2b4b - version: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e + ref: v1.30-alpha.bb3ecf92 + - name: v1.30-alpha.bb3ecf92 + version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 repo: https://github.com/istio/istio branch: master - commit: 3c9f2b4b7e0885d2e67258600966c5df4a852c0e + commit: bb3ecf92885c4d626a548466186d8947866c1c25 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e/helm/base-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e/helm/cni-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e/helm/gateway-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e/helm/istiod-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e/helm/ztunnel-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz diff --git a/resources/v1.30-alpha.3c9f2b4b/base-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag b/resources/v1.30-alpha.3c9f2b4b/base-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag deleted file mode 100644 index 8e213d956..000000000 --- a/resources/v1.30-alpha.3c9f2b4b/base-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -678a962fc68cdf6e546f4c17534941f7 diff --git a/resources/v1.30-alpha.3c9f2b4b/cni-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag b/resources/v1.30-alpha.3c9f2b4b/cni-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag deleted file mode 100644 index 108f7a728..000000000 --- a/resources/v1.30-alpha.3c9f2b4b/cni-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e171ee4b1abd318ada2952169dce1a71 diff --git a/resources/v1.30-alpha.3c9f2b4b/commit b/resources/v1.30-alpha.3c9f2b4b/commit deleted file mode 100644 index 785e4034b..000000000 --- a/resources/v1.30-alpha.3c9f2b4b/commit +++ /dev/null @@ -1 +0,0 @@ -3c9f2b4b7e0885d2e67258600966c5df4a852c0e diff --git a/resources/v1.30-alpha.3c9f2b4b/gateway-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag b/resources/v1.30-alpha.3c9f2b4b/gateway-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag deleted file mode 100644 index cea48486c..000000000 --- a/resources/v1.30-alpha.3c9f2b4b/gateway-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5d30e761bd2019b31b9cc34240c805a2 diff --git a/resources/v1.30-alpha.3c9f2b4b/istiod-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag b/resources/v1.30-alpha.3c9f2b4b/istiod-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag deleted file mode 100644 index 157e2e920..000000000 --- a/resources/v1.30-alpha.3c9f2b4b/istiod-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -3cf0be89b90d090d5cb6b24d77fa9314 diff --git a/resources/v1.30-alpha.3c9f2b4b/ztunnel-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag b/resources/v1.30-alpha.3c9f2b4b/ztunnel-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag deleted file mode 100644 index 74b87636f..000000000 --- a/resources/v1.30-alpha.3c9f2b4b/ztunnel-1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -11afaf65c8085283d24ef1a610998e31 diff --git a/resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag new file mode 100644 index 000000000..5b46a16b7 --- /dev/null +++ b/resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag @@ -0,0 +1 @@ +7035cc69042942ab006a958bd97a9495 diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/Chart.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/Chart.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/Chart.yaml index 0b2d05740..a348a30ca 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/README.md b/resources/v1.30-alpha.bb3ecf92/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/README.md rename to resources/v1.30-alpha.bb3ecf92/charts/base/README.md diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.bb3ecf92/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.bb3ecf92/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/base/values.yaml b/resources/v1.30-alpha.bb3ecf92/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/base/values.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/base/values.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/Chart.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/Chart.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/Chart.yaml index fee5783ba..b8d405b29 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/README.md b/resources/v1.30-alpha.bb3ecf92/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/README.md rename to resources/v1.30-alpha.bb3ecf92/charts/cni/README.md diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/cni/values.yaml b/resources/v1.30-alpha.bb3ecf92/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.3c9f2b4b/charts/cni/values.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/cni/values.yaml index 775dbef56..07cc5b6c1 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/cni/values.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e + tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/Chart.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/Chart.yaml index 54c964b40..2e02d87dd 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/README.md b/resources/v1.30-alpha.bb3ecf92/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/README.md rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/README.md diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/values.schema.json b/resources/v1.30-alpha.bb3ecf92/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/values.schema.json rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/gateway/values.yaml b/resources/v1.30-alpha.bb3ecf92/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/gateway/values.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/Chart.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/Chart.yaml index 574caaeed..3eff5d33f 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/README.md b/resources/v1.30-alpha.bb3ecf92/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/README.md rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/README.md diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/values.yaml b/resources/v1.30-alpha.bb3ecf92/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.3c9f2b4b/charts/istiod/values.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/istiod/values.yaml index 1f537637e..08c10ae4f 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/istiod/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e + tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/Chart.yaml index 6c552390f..1fe008c42 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/values.yaml b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/revisiontags/values.yaml index 1f537637e..08c10ae4f 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e + tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/Chart.yaml index 44b7d1eff..d58665aa0 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e +version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/README.md b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/README.md rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/values.yaml b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/values.yaml similarity index 98% rename from resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.bb3ecf92/charts/ztunnel/values.yaml index 29370fb5b..75fb90042 100644 --- a/resources/v1.30-alpha.3c9f2b4b/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.3c9f2b4b7e0885d2e67258600966c5df4a852c0e + tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag new file mode 100644 index 000000000..edb6f4a3a --- /dev/null +++ b/resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag @@ -0,0 +1 @@ +ed50874c0aa0fc72f77a296a5ac9285d diff --git a/resources/v1.30-alpha.bb3ecf92/commit b/resources/v1.30-alpha.bb3ecf92/commit new file mode 100644 index 000000000..6894c6547 --- /dev/null +++ b/resources/v1.30-alpha.bb3ecf92/commit @@ -0,0 +1 @@ +bb3ecf92885c4d626a548466186d8947866c1c25 diff --git a/resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag new file mode 100644 index 000000000..3c4b6d911 --- /dev/null +++ b/resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag @@ -0,0 +1 @@ +ffb669bafd0f37c95a835b92e5d3e637 diff --git a/resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag new file mode 100644 index 000000000..5c200736b --- /dev/null +++ b/resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag @@ -0,0 +1 @@ +ef23a4ffa98f432480639251f9142bd5 diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/ambient.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/default.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/default.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/default.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/demo.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/demo.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/demo.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/empty.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/empty.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/empty.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/openshift.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/openshift.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/preview.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/preview.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/preview.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/remote.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/remote.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/remote.yaml diff --git a/resources/v1.30-alpha.3c9f2b4b/profiles/stable.yaml b/resources/v1.30-alpha.bb3ecf92/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c9f2b4b/profiles/stable.yaml rename to resources/v1.30-alpha.bb3ecf92/profiles/stable.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag new file mode 100644 index 000000000..5001b5c5f --- /dev/null +++ b/resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag @@ -0,0 +1 @@ +4127c518c5dd7824ef5dc7da7ff5c6ac From 407308a1da6fc99fc6e496e5093df201fe11e341 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sun, 18 Jan 2026 00:31:47 -0500 Subject: [PATCH 02/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1516) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 + resources/v1.30-alpha.5326b280/commit | 1 + ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 + ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 + ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 - ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 - resources/v1.30-alpha.bb3ecf92/commit | 1 - ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 - ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 - ...2885c4d626a548466186d8947866c1c25.tgz.etag | 1 - 221 files changed, 92 insertions(+), 92 deletions(-) create mode 100644 resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/README.md (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/charts/ztunnel/values.yaml (98%) create mode 100644 resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag create mode 100644 resources/v1.30-alpha.5326b280/commit create mode 100644 resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag create mode 100644 resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.bb3ecf92 => v1.30-alpha.5326b280}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag delete mode 100644 resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag delete mode 100644 resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag delete mode 100644 resources/v1.30-alpha.bb3ecf92/commit delete mode 100644 resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag delete mode 100644 resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag delete mode 100644 resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index fa4f5df03..5f4735c37 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bb3ecf92 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.5326b280 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 593f8c5db..0121ff927 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.bb3ecf92 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.5326b280 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index a0936ba1b..5e16e6045 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} - // +kubebuilder:validation:Enum=v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.bb3ecf92 + // Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} + // +kubebuilder:validation:Enum=v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.5326b280 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index d70e43bf9..3005f35ab 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bb3ecf92 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.5326b280 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 3193396fd..3823e8f09 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.bb3ecf92 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.5326b280 // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index ac250ce73..4f3d9cd4c 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-17T05:06:41Z" + createdAt: "2026-01-18T05:08:08Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. displayName: Istio Version path: version x-descriptors: @@ -206,7 +206,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -244,7 +244,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. displayName: Istio Version path: version x-descriptors: @@ -267,7 +267,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -302,7 +302,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. displayName: Istio Version path: version x-descriptors: @@ -329,7 +329,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -385,7 +385,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. displayName: Istio Version path: version x-descriptors: @@ -412,7 +412,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.bb3ecf92 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -449,7 +449,7 @@ spec: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -879,10 +879,10 @@ spec: images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_30-alpha_bb3ecf92.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 - images.v1_30-alpha_bb3ecf92.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 - images.v1_30-alpha_bb3ecf92.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 - images.v1_30-alpha_bb3ecf92.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_5326b280.cni: gcr.io/istio-testing/install-cni:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_5326b280.istiod: gcr.io/istio-testing/pilot:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_5326b280.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_5326b280.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 6c6c56f6c..e749d51c4 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -1516,7 +1516,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index b832d769d..c8c82b202 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. enum: - v1.28.2 - v1.28.1 @@ -10158,7 +10158,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 9c830044b..c370e8acf 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -10240,7 +10240,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index a287bc825..12ebc12bc 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -3484,7 +3484,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace @@ -6996,7 +6996,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -7034,7 +7034,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 32a45c3eb..a7ec38af4 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -1516,7 +1516,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index b3c158c9a..d9c6680ad 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. enum: - v1.28.2 - v1.28.1 @@ -10158,7 +10158,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index a5d3859f9..1280491fb 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -10240,7 +10240,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index a68a448f2..e8d7131a5 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -3484,7 +3484,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace @@ -6996,7 +6996,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. enum: - v1.28-latest - v1.28.2 @@ -7034,7 +7034,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index a8431c0a7..dd3b53894 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -74,10 +74,10 @@ deployment: images.v1_26_0.istiod: gcr.io/istio-release/pilot:1.26.0 images.v1_26_0.proxy: gcr.io/istio-release/proxyv2:1.26.0 images.v1_26_0.cni: gcr.io/istio-release/install-cni:1.26.0 - images.v1_30-alpha_bb3ecf92.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 - images.v1_30-alpha_bb3ecf92.istiod: gcr.io/istio-testing/pilot:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 - images.v1_30-alpha_bb3ecf92.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 - images.v1_30-alpha_bb3ecf92.cni: gcr.io/istio-testing/install-cni:1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + images.v1_30-alpha_5326b280.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_5326b280.istiod: gcr.io/istio-testing/pilot:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_5326b280.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_5326b280.cni: gcr.io/istio-testing/install-cni:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 revisionHistoryLimit: 10 service: port: 8443 @@ -115,7 +115,7 @@ csv: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.bb3ecf92 + - v1.30-alpha.5326b280 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 6fd37f611..7d91f349b 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bb3ecf92] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.5326b280] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.bb3ecf92. | | Enum: [v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.bb3ecf92] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. | | Enum: [v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.5326b280] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.bb3ecf92] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.5326b280] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3523,7 +3523,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bb3ecf92] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.5326b280] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3689,7 +3689,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.bb3ecf92. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.bb3ecf92] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.5326b280] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 8902d1e26..be0eca588 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee - istio.io/istio v0.0.0-20260116225821-bb3ecf92885c + istio.io/istio v0.0.0-20260118023548-5326b2802230 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index cb478f400..916580a31 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce h1:YyqDj8n9L8bZf41Y3C istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee h1:PP8EpTpawoNm4+yUE/jswC0Ctz92BO1Ap1ZBO93T/6o= istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee/go.mod h1:6b7+7Y2Q561h5uuJ7nTy3cz191ACvRq2FIVqKIQMAzE= -istio.io/istio v0.0.0-20260116225821-bb3ecf92885c h1:Fhn6ascGCfeaPDik2y/oxBOZlfpALpNlZ5PhvL1C1rA= -istio.io/istio v0.0.0-20260116225821-bb3ecf92885c/go.mod h1:A4pg1KAPTADiDKHhA4occDKCzKpAnLvW4K+gBFGNyKY= +istio.io/istio v0.0.0-20260118023548-5326b2802230 h1:0HlMQyhYsSQm1nokfH/HHIliVZDEz04uUeLMjeSTZMA= +istio.io/istio v0.0.0-20260118023548-5326b2802230/go.mod h1:/wA/VqMnvMmApHzAYH9wvgy/Mj0gV4thLwvuOxRGrAk= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 57822c973..12411670d 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -258,15 +258,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.bb3ecf92 - - name: v1.30-alpha.bb3ecf92 - version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + ref: v1.30-alpha.5326b280 + - name: v1.30-alpha.5326b280 + version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 repo: https://github.com/istio/istio branch: master - commit: bb3ecf92885c4d626a548466186d8947866c1c25 + commit: 5326b28022300d0f02adaa1be7cc33948a50a7f6 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25/helm/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz diff --git a/resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag new file mode 100644 index 000000000..68916a87e --- /dev/null +++ b/resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag @@ -0,0 +1 @@ +e9c883d8bd6689aacbd9f2b7b350cba0 diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/Chart.yaml b/resources/v1.30-alpha.5326b280/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.bb3ecf92/charts/base/Chart.yaml rename to resources/v1.30-alpha.5326b280/charts/base/Chart.yaml index a348a30ca..c5e68026d 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.5326b280/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/README.md b/resources/v1.30-alpha.5326b280/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/README.md rename to resources/v1.30-alpha.5326b280/charts/base/README.md diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.5326b280/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.5326b280/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.5326b280/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.5326b280/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.5326b280/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.5326b280/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.5326b280/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.5326b280/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/base/values.yaml b/resources/v1.30-alpha.5326b280/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/base/values.yaml rename to resources/v1.30-alpha.5326b280/charts/base/values.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/Chart.yaml b/resources/v1.30-alpha.5326b280/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/Chart.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/Chart.yaml index b8d405b29..f738713a9 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.5326b280/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/README.md b/resources/v1.30-alpha.5326b280/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/README.md rename to resources/v1.30-alpha.5326b280/charts/cni/README.md diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.5326b280/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.5326b280/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.5326b280/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.5326b280/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.5326b280/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.5326b280/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/cni/values.yaml b/resources/v1.30-alpha.5326b280/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.bb3ecf92/charts/cni/values.yaml rename to resources/v1.30-alpha.5326b280/charts/cni/values.yaml index 07cc5b6c1..533af71d9 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/cni/values.yaml +++ b/resources/v1.30-alpha.5326b280/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/Chart.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/Chart.yaml index 2e02d87dd..40935de0d 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.5326b280/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/README.md b/resources/v1.30-alpha.5326b280/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/README.md rename to resources/v1.30-alpha.5326b280/charts/gateway/README.md diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.5326b280/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.5326b280/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/values.schema.json b/resources/v1.30-alpha.5326b280/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/values.schema.json rename to resources/v1.30-alpha.5326b280/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.bb3ecf92/charts/gateway/values.yaml b/resources/v1.30-alpha.5326b280/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/gateway/values.yaml rename to resources/v1.30-alpha.5326b280/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/Chart.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/Chart.yaml index 3eff5d33f..3a0c04daa 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.5326b280/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/README.md b/resources/v1.30-alpha.5326b280/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/README.md rename to resources/v1.30-alpha.5326b280/charts/istiod/README.md diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.5326b280/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.5326b280/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/istiod/values.yaml b/resources/v1.30-alpha.5326b280/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.bb3ecf92/charts/istiod/values.yaml rename to resources/v1.30-alpha.5326b280/charts/istiod/values.yaml index 08c10ae4f..3d4180420 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.5326b280/charts/istiod/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/Chart.yaml index 1fe008c42..20a8f4f11 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.5326b280/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/values.yaml b/resources/v1.30-alpha.5326b280/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.bb3ecf92/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.5326b280/charts/revisiontags/values.yaml index 08c10ae4f..3d4180420 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.5326b280/charts/revisiontags/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/Chart.yaml index d58665aa0..ee4cf2b97 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.5326b280/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 +version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/README.md b/resources/v1.30-alpha.5326b280/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/README.md rename to resources/v1.30-alpha.5326b280/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/values.yaml b/resources/v1.30-alpha.5326b280/charts/ztunnel/values.yaml similarity index 98% rename from resources/v1.30-alpha.bb3ecf92/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.5326b280/charts/ztunnel/values.yaml index 75fb90042..c87d55342 100644 --- a/resources/v1.30-alpha.bb3ecf92/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.5326b280/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25 + tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag new file mode 100644 index 000000000..a0e91b576 --- /dev/null +++ b/resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag @@ -0,0 +1 @@ +6ba25468307c6d493451d18e77f909c5 diff --git a/resources/v1.30-alpha.5326b280/commit b/resources/v1.30-alpha.5326b280/commit new file mode 100644 index 000000000..53322a36e --- /dev/null +++ b/resources/v1.30-alpha.5326b280/commit @@ -0,0 +1 @@ +5326b28022300d0f02adaa1be7cc33948a50a7f6 diff --git a/resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag new file mode 100644 index 000000000..049ad1766 --- /dev/null +++ b/resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag @@ -0,0 +1 @@ +03f38beb97af4937d24c0b15f4300284 diff --git a/resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag new file mode 100644 index 000000000..56891eb17 --- /dev/null +++ b/resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag @@ -0,0 +1 @@ +aec0f79ab29f911158e201378a5acabe diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/ambient.yaml b/resources/v1.30-alpha.5326b280/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/ambient.yaml rename to resources/v1.30-alpha.5326b280/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/default.yaml b/resources/v1.30-alpha.5326b280/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/default.yaml rename to resources/v1.30-alpha.5326b280/profiles/default.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/demo.yaml b/resources/v1.30-alpha.5326b280/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/demo.yaml rename to resources/v1.30-alpha.5326b280/profiles/demo.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/empty.yaml b/resources/v1.30-alpha.5326b280/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/empty.yaml rename to resources/v1.30-alpha.5326b280/profiles/empty.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.5326b280/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.5326b280/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/openshift.yaml b/resources/v1.30-alpha.5326b280/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/openshift.yaml rename to resources/v1.30-alpha.5326b280/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/preview.yaml b/resources/v1.30-alpha.5326b280/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/preview.yaml rename to resources/v1.30-alpha.5326b280/profiles/preview.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/remote.yaml b/resources/v1.30-alpha.5326b280/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/remote.yaml rename to resources/v1.30-alpha.5326b280/profiles/remote.yaml diff --git a/resources/v1.30-alpha.bb3ecf92/profiles/stable.yaml b/resources/v1.30-alpha.5326b280/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.bb3ecf92/profiles/stable.yaml rename to resources/v1.30-alpha.5326b280/profiles/stable.yaml diff --git a/resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag new file mode 100644 index 000000000..6a7380735 --- /dev/null +++ b/resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag @@ -0,0 +1 @@ +46ad771a799a6e08a06a612f16b280d2 diff --git a/resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag deleted file mode 100644 index 5b46a16b7..000000000 --- a/resources/v1.30-alpha.bb3ecf92/base-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -7035cc69042942ab006a958bd97a9495 diff --git a/resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag deleted file mode 100644 index edb6f4a3a..000000000 --- a/resources/v1.30-alpha.bb3ecf92/cni-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ed50874c0aa0fc72f77a296a5ac9285d diff --git a/resources/v1.30-alpha.bb3ecf92/commit b/resources/v1.30-alpha.bb3ecf92/commit deleted file mode 100644 index 6894c6547..000000000 --- a/resources/v1.30-alpha.bb3ecf92/commit +++ /dev/null @@ -1 +0,0 @@ -bb3ecf92885c4d626a548466186d8947866c1c25 diff --git a/resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag deleted file mode 100644 index 3c4b6d911..000000000 --- a/resources/v1.30-alpha.bb3ecf92/gateway-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ffb669bafd0f37c95a835b92e5d3e637 diff --git a/resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag deleted file mode 100644 index 5c200736b..000000000 --- a/resources/v1.30-alpha.bb3ecf92/istiod-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ef23a4ffa98f432480639251f9142bd5 diff --git a/resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag b/resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag deleted file mode 100644 index 5001b5c5f..000000000 --- a/resources/v1.30-alpha.bb3ecf92/ztunnel-1.30-alpha.bb3ecf92885c4d626a548466186d8947866c1c25.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4127c518c5dd7824ef5dc7da7ff5c6ac From c1aaf0ecfedf342c810f36508f6409ba8214286c Mon Sep 17 00:00:00 2001 From: Mikhail Abramov Date: Mon, 19 Jan 2026 11:21:55 +0100 Subject: [PATCH 03/40] docs: Add Multi-Primary Multi-Network Ambient mode instructions (#1505) This commit adds documentation for deploying Istio in multi-primary multi-network ambient mode using the Sail Operator. Signed-off-by: Mikhail Abramov --- docs/deployment-models/multicluster.adoc | 366 ++++++++++++++++++++++- 1 file changed, 365 insertions(+), 1 deletion(-) diff --git a/docs/deployment-models/multicluster.adoc b/docs/deployment-models/multicluster.adoc index 0df7462b8..824cd62a5 100644 --- a/docs/deployment-models/multicluster.adoc +++ b/docs/deployment-models/multicluster.adoc @@ -17,11 +17,12 @@ link:../README.adoc[Return to Project Root] ** <> ** <> ** <> +** <> ** <> ** <> ** <> -You can use the Sail Operator and the Sail CRDs to manage a multi-cluster Istio deployment. The following instructions are adapted from the https://istio.io/latest/docs/setup/install/multicluster/[Istio multi-cluster documentation] to demonstrate how you can setup the various deployment models with Sail. Please familiarize yourself with the different https://istio.io/latest/docs/ops/deployment/deployment-models/[deployment models] before starting. +You can use the Sail Operator and the Sail CRDs to manage a multi-cluster Istio deployment. The following instructions are adapted from the https://istio.io/latest/docs/setup/install/multicluster/[Istio multi-cluster documentation] and https://istio.io/latest/docs/ambient/install/multicluster/[Istio Ambient Mode multi-cluster documentation] to demonstrate how you can setup the various deployment models with Sail. Please familiarize yourself with the different https://istio.io/latest/docs/ops/deployment/deployment-models/[deployment models] before starting. == Prerequisites @@ -516,6 +517,369 @@ kubectl delete ns istio-system --context="${CTX_CLUSTER2}" kubectl delete ns sample --context="${CTX_CLUSTER2}" ---- +== Multi-Primary - Multi-Network (Ambient Mode) + +These instructions install a https://istio.io/latest/docs/ambient/install/multicluster/multi-primary_multi-network/[ambient/multi-primary/multi-network] Istio deployment using the Sail Operator and Sail CRDs. **Before you begin**, ensure you complete the <>. + +**Note:** Istio v1.27 is the minimum supported version for this deployment model. + +. Install the Kubernetes Gateway API CRDs ++ +---- +kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || \ + kubectl apply --server-side -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/experimental-install.yaml +---- + +. Create `istio-cni` namespace on `cluster1` ++ +---- +kubectl get ns istio-cni --context "${CTX_CLUSTER1}" || kubectl create namespace istio-cni --context "${CTX_CLUSTER1}" +---- + +. Create an `IstioCNI` resource on `cluster1` ++ +---- +kubectl apply --context "${CTX_CLUSTER1}" -f - <>. From 6582b2f860f26fa42d071c17cb0bdea85f22b3a0 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Tue, 20 Jan 2026 00:35:17 -0500 Subject: [PATCH 04/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1520) Signed-off-by: openshift-service-mesh-bot --- Makefile.core.mk | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 4 +-- go.sum | 8 +++--- pkg/istioversion/versions.yaml | 18 ++++++------ ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 + resources/v1.30-alpha.4d7a765c/commit | 1 + ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 + ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 + ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 - ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 - resources/v1.30-alpha.5326b280/commit | 1 - ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 - ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 - ...022300d0f02adaa1be7cc33948a50a7f6.tgz.etag | 1 - 222 files changed, 96 insertions(+), 96 deletions(-) create mode 100644 resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/README.md (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/charts/ztunnel/values.yaml (98%) create mode 100644 resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag create mode 100644 resources/v1.30-alpha.4d7a765c/commit create mode 100644 resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag create mode 100644 resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.5326b280 => v1.30-alpha.4d7a765c}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag delete mode 100644 resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag delete mode 100644 resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag delete mode 100644 resources/v1.30-alpha.5326b280/commit delete mode 100644 resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag delete mode 100644 resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag delete mode 100644 resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag diff --git a/Makefile.core.mk b/Makefile.core.mk index 4a4858c35..5e7fce701 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -570,7 +570,7 @@ MISSPELL ?= $(LOCALBIN)/misspell OPERATOR_SDK_VERSION ?= v1.42.0 HELM_VERSION ?= v3.19.5 CONTROLLER_TOOLS_VERSION ?= v0.20.0 -CONTROLLER_RUNTIME_BRANCH ?= release-0.22 +CONTROLLER_RUNTIME_BRANCH ?= release-0.23 OPM_VERSION ?= v1.61.0 OLM_VERSION ?= v0.38.0 GITLEAKS_VERSION ?= v8.30.0 diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 5f4735c37..1cdd0817f 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.5326b280 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.4d7a765c // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 0121ff927..4cc30d6a4 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.5326b280 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.4d7a765c // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 5e16e6045..9f3d5da69 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} - // +kubebuilder:validation:Enum=v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.5326b280 + // Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} + // +kubebuilder:validation:Enum=v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.4d7a765c Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 3005f35ab..cbbd49655 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.5326b280 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.4d7a765c // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 3823e8f09..a7aa8aa42 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.5326b280 + // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.4d7a765c // +kubebuilder:default=v1.28.2 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 4f3d9cd4c..07f1ad056 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-18T05:08:08Z" + createdAt: "2026-01-20T05:11:41Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. displayName: Istio Version path: version x-descriptors: @@ -206,7 +206,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -244,7 +244,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. displayName: Istio Version path: version x-descriptors: @@ -267,7 +267,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -302,7 +302,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. displayName: Istio Version path: version x-descriptors: @@ -329,7 +329,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -385,7 +385,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. displayName: Istio Version path: version x-descriptors: @@ -412,7 +412,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.5326b280 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -449,7 +449,7 @@ spec: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -879,10 +879,10 @@ spec: images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_30-alpha_5326b280.cni: gcr.io/istio-testing/install-cni:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 - images.v1_30-alpha_5326b280.istiod: gcr.io/istio-testing/pilot:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 - images.v1_30-alpha_5326b280.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 - images.v1_30-alpha_5326b280.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_4d7a765c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_30-alpha_4d7a765c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_30-alpha_4d7a765c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_30-alpha_4d7a765c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index e749d51c4..85873f74c 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -1516,7 +1516,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index c8c82b202..da43b2398 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. enum: - v1.28.2 - v1.28.1 @@ -10158,7 +10158,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index c370e8acf..0c6c89c05 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -10240,7 +10240,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 12ebc12bc..decd00326 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -3484,7 +3484,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace @@ -6996,7 +6996,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -7034,7 +7034,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index a7ec38af4..7f969621f 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -1516,7 +1516,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index d9c6680ad..3485fe64a 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. + Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. enum: - v1.28.2 - v1.28.1 @@ -10158,7 +10158,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 1280491fb..7308a436c 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -10240,7 +10240,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index e8d7131a5..938a8605f 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -3484,7 +3484,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace @@ -6996,7 +6996,7 @@ spec: default: v1.28.2 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. + Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. enum: - v1.28-latest - v1.28.2 @@ -7034,7 +7034,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index dd3b53894..33b0207da 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -74,10 +74,10 @@ deployment: images.v1_26_0.istiod: gcr.io/istio-release/pilot:1.26.0 images.v1_26_0.proxy: gcr.io/istio-release/proxyv2:1.26.0 images.v1_26_0.cni: gcr.io/istio-release/install-cni:1.26.0 - images.v1_30-alpha_5326b280.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 - images.v1_30-alpha_5326b280.istiod: gcr.io/istio-testing/pilot:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 - images.v1_30-alpha_5326b280.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 - images.v1_30-alpha_5326b280.cni: gcr.io/istio-testing/install-cni:1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + images.v1_30-alpha_4d7a765c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_30-alpha_4d7a765c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_30-alpha_4d7a765c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_30-alpha_4d7a765c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 revisionHistoryLimit: 10 service: port: 8443 @@ -115,7 +115,7 @@ csv: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.5326b280 + - v1.30-alpha.4d7a765c [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 7d91f349b..05dfd854e 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.5326b280] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.4d7a765c] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.5326b280. | | Enum: [v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.5326b280] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. | | Enum: [v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.4d7a765c] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.5326b280] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.4d7a765c] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3523,7 +3523,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.5326b280] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.4d7a765c] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3689,7 +3689,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.5326b280. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.5326b280] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.4d7a765c] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index be0eca588..dfc940045 100644 --- a/go.mod +++ b/go.mod @@ -25,13 +25,13 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee - istio.io/istio v0.0.0-20260118023548-5326b2802230 + istio.io/istio v0.0.0-20260120035416-4d7a765cf81a k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 k8s.io/cli-runtime v0.35.0 k8s.io/client-go v0.35.0 - sigs.k8s.io/controller-runtime v0.22.4 + sigs.k8s.io/controller-runtime v0.23.0 ) require ( diff --git a/go.sum b/go.sum index 916580a31..9ecfdc897 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce h1:YyqDj8n9L8bZf41Y3C istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee h1:PP8EpTpawoNm4+yUE/jswC0Ctz92BO1Ap1ZBO93T/6o= istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee/go.mod h1:6b7+7Y2Q561h5uuJ7nTy3cz191ACvRq2FIVqKIQMAzE= -istio.io/istio v0.0.0-20260118023548-5326b2802230 h1:0HlMQyhYsSQm1nokfH/HHIliVZDEz04uUeLMjeSTZMA= -istio.io/istio v0.0.0-20260118023548-5326b2802230/go.mod h1:/wA/VqMnvMmApHzAYH9wvgy/Mj0gV4thLwvuOxRGrAk= +istio.io/istio v0.0.0-20260120035416-4d7a765cf81a h1:FoJeN9K/OKSiG9kudqfDu252Yu6K2awiJDJxqbuWDOY= +istio.io/istio v0.0.0-20260120035416-4d7a765cf81a/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= @@ -502,8 +502,8 @@ oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1 h1:Cf+ed5N8038zbsaXFO7mKQDi/+VcSRafb0jM84KX5so= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= -sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= +sigs.k8s.io/controller-runtime v0.23.0 h1:Ubi7klJWiwEWqDY+odSVZiFA0aDSevOCXpa38yCSYu8= +sigs.k8s.io/controller-runtime v0.23.0/go.mod h1:DBOIr9NsprUqCZ1ZhsuJ0wAnQSIxY/C6VjZbmLgw0j0= sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 12411670d..b7f8587bf 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -258,15 +258,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.5326b280 - - name: v1.30-alpha.5326b280 - version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + ref: v1.30-alpha.4d7a765c + - name: v1.30-alpha.4d7a765c + version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 repo: https://github.com/istio/istio branch: master - commit: 5326b28022300d0f02adaa1be7cc33948a50a7f6 + commit: 4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6/helm/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz diff --git a/resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag new file mode 100644 index 000000000..85334ecd1 --- /dev/null +++ b/resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag @@ -0,0 +1 @@ +283d611e14bd90c04e8f8d9c69540d40 diff --git a/resources/v1.30-alpha.5326b280/charts/base/Chart.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.5326b280/charts/base/Chart.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/Chart.yaml index c5e68026d..c0d778867 100644 --- a/resources/v1.30-alpha.5326b280/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 diff --git a/resources/v1.30-alpha.5326b280/charts/base/README.md b/resources/v1.30-alpha.4d7a765c/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/README.md rename to resources/v1.30-alpha.4d7a765c/charts/base/README.md diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.4d7a765c/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.4d7a765c/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/base/values.yaml b/resources/v1.30-alpha.4d7a765c/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/base/values.yaml rename to resources/v1.30-alpha.4d7a765c/charts/base/values.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/Chart.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.5326b280/charts/cni/Chart.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/Chart.yaml index f738713a9..54b53cec9 100644 --- a/resources/v1.30-alpha.5326b280/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 diff --git a/resources/v1.30-alpha.5326b280/charts/cni/README.md b/resources/v1.30-alpha.4d7a765c/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/README.md rename to resources/v1.30-alpha.4d7a765c/charts/cni/README.md diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/cni/values.yaml b/resources/v1.30-alpha.4d7a765c/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.5326b280/charts/cni/values.yaml rename to resources/v1.30-alpha.4d7a765c/charts/cni/values.yaml index 533af71d9..4d671e339 100644 --- a/resources/v1.30-alpha.5326b280/charts/cni/values.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/Chart.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.5326b280/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/Chart.yaml index 40935de0d..0c8ba608c 100644 --- a/resources/v1.30-alpha.5326b280/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/README.md b/resources/v1.30-alpha.4d7a765c/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/README.md rename to resources/v1.30-alpha.4d7a765c/charts/gateway/README.md diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/values.schema.json b/resources/v1.30-alpha.4d7a765c/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/values.schema.json rename to resources/v1.30-alpha.4d7a765c/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.5326b280/charts/gateway/values.yaml b/resources/v1.30-alpha.4d7a765c/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/gateway/values.yaml rename to resources/v1.30-alpha.4d7a765c/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/Chart.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.5326b280/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/Chart.yaml index 3a0c04daa..d046ac0dc 100644 --- a/resources/v1.30-alpha.5326b280/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/README.md b/resources/v1.30-alpha.4d7a765c/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/README.md rename to resources/v1.30-alpha.4d7a765c/charts/istiod/README.md diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/istiod/values.yaml b/resources/v1.30-alpha.4d7a765c/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.5326b280/charts/istiod/values.yaml rename to resources/v1.30-alpha.4d7a765c/charts/istiod/values.yaml index 3d4180420..913981a10 100644 --- a/resources/v1.30-alpha.5326b280/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/istiod/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/Chart.yaml index 20a8f4f11..b727003e4 100644 --- a/resources/v1.30-alpha.5326b280/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/revisiontags/values.yaml b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.5326b280/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.4d7a765c/charts/revisiontags/values.yaml index 3d4180420..913981a10 100644 --- a/resources/v1.30-alpha.5326b280/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/revisiontags/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/Chart.yaml index ee4cf2b97..967fa215e 100644 --- a/resources/v1.30-alpha.5326b280/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 +version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/README.md b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/README.md rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.5326b280/charts/ztunnel/values.yaml b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/values.yaml similarity index 98% rename from resources/v1.30-alpha.5326b280/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.4d7a765c/charts/ztunnel/values.yaml index c87d55342..8aa690924 100644 --- a/resources/v1.30-alpha.5326b280/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.4d7a765c/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6 + tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag new file mode 100644 index 000000000..ea7eaaa42 --- /dev/null +++ b/resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag @@ -0,0 +1 @@ +6b939885527922016788785fbfe7da24 diff --git a/resources/v1.30-alpha.4d7a765c/commit b/resources/v1.30-alpha.4d7a765c/commit new file mode 100644 index 000000000..721d81ee2 --- /dev/null +++ b/resources/v1.30-alpha.4d7a765c/commit @@ -0,0 +1 @@ +4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 diff --git a/resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag new file mode 100644 index 000000000..0f444fa27 --- /dev/null +++ b/resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag @@ -0,0 +1 @@ +b70d32150167b3535875943d7c49a0f2 diff --git a/resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag new file mode 100644 index 000000000..f3cf30bf1 --- /dev/null +++ b/resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag @@ -0,0 +1 @@ +7e66f963be0cc5475febc19e0b8de31e diff --git a/resources/v1.30-alpha.5326b280/profiles/ambient.yaml b/resources/v1.30-alpha.4d7a765c/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/ambient.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/default.yaml b/resources/v1.30-alpha.4d7a765c/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/default.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/default.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/demo.yaml b/resources/v1.30-alpha.4d7a765c/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/demo.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/demo.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/empty.yaml b/resources/v1.30-alpha.4d7a765c/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/empty.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/empty.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.4d7a765c/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/openshift.yaml b/resources/v1.30-alpha.4d7a765c/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/openshift.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/preview.yaml b/resources/v1.30-alpha.4d7a765c/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/preview.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/preview.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/remote.yaml b/resources/v1.30-alpha.4d7a765c/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/remote.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/remote.yaml diff --git a/resources/v1.30-alpha.5326b280/profiles/stable.yaml b/resources/v1.30-alpha.4d7a765c/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.5326b280/profiles/stable.yaml rename to resources/v1.30-alpha.4d7a765c/profiles/stable.yaml diff --git a/resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag new file mode 100644 index 000000000..6c5c9a8ee --- /dev/null +++ b/resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag @@ -0,0 +1 @@ +7aebb7ed2739fd7d3d33c3fe8ec8ced7 diff --git a/resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag deleted file mode 100644 index 68916a87e..000000000 --- a/resources/v1.30-alpha.5326b280/base-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e9c883d8bd6689aacbd9f2b7b350cba0 diff --git a/resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag deleted file mode 100644 index a0e91b576..000000000 --- a/resources/v1.30-alpha.5326b280/cni-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -6ba25468307c6d493451d18e77f909c5 diff --git a/resources/v1.30-alpha.5326b280/commit b/resources/v1.30-alpha.5326b280/commit deleted file mode 100644 index 53322a36e..000000000 --- a/resources/v1.30-alpha.5326b280/commit +++ /dev/null @@ -1 +0,0 @@ -5326b28022300d0f02adaa1be7cc33948a50a7f6 diff --git a/resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag deleted file mode 100644 index 049ad1766..000000000 --- a/resources/v1.30-alpha.5326b280/gateway-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -03f38beb97af4937d24c0b15f4300284 diff --git a/resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag deleted file mode 100644 index 56891eb17..000000000 --- a/resources/v1.30-alpha.5326b280/istiod-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -aec0f79ab29f911158e201378a5acabe diff --git a/resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag b/resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag deleted file mode 100644 index 6a7380735..000000000 --- a/resources/v1.30-alpha.5326b280/ztunnel-1.30-alpha.5326b28022300d0f02adaa1be7cc33948a50a7f6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -46ad771a799a6e08a06a612f16b280d2 From 60cc479e926708416192a1eb95f041f229bbc432 Mon Sep 17 00:00:00 2001 From: Maxim Babushkin Date: Tue, 20 Jan 2026 13:04:18 +0200 Subject: [PATCH 05/40] Fix yq expression syntax in configuration-converter (#1519) The validate_spec_components function in configuration-converter.sh was failing with "Error: bad expression, please check expression syntax" on extracting "components" keys. The original command attempted to delete non-"enabled" keys using: del(.spec.components.[] | keys[] | select(. != "enabled")) This failed because: - `.spec.components.[]` incorrectly tries to iterate over object values - `keys[]` syntax doesn't work in this pipeline context in yq v4 - `select(. != "enabled")` references values instead of key names - No proper context management for applying deletions back to document Replaced with proper yq v4 syntax using the `with()` function. Signed-off-by: Maxim Babushkin --- tools/configuration-converter.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/configuration-converter.sh b/tools/configuration-converter.sh index 855ae9b4d..9c24524a5 100755 --- a/tools/configuration-converter.sh +++ b/tools/configuration-converter.sh @@ -117,7 +117,7 @@ function boolean_2_string(){ # Note that if there is an entry except spec.components..enabled: true/false converter will delete them and warn user function validate_spec_components(){ if [[ $(yq eval '.spec.components' "$OUTPUT") != "null" ]]; then - yq -i 'del(.spec.components.[] | keys[] | select(. != "enabled")) | .spec.values *= .spec.components | del (.spec.components)' "$OUTPUT" + yq -i 'with(.spec.components[]; del( .[] | select(key != "enabled") )) | .spec.values *= .spec.components | del(.spec.components)' "$OUTPUT" echo "Only values in the format spec.components..enabled: true/false are supported for conversion. For more details, refer to the documentation: https://github.com/istio-ecosystem/sail-operator/tree/main/docs#components-field" fi } From f3e211417d4f497042ed1278889cf95b3ad153cc Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Wed, 21 Jan 2026 00:32:28 -0500 Subject: [PATCH 06/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1527) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 10 +- api/v1/istiocni_types.go | 10 +- api/v1/istiorevision_types.go | 6 +- api/v1/ztunnel_types.go | 10 +- api/v1alpha1/ztunnel_types.go | 10 +- .../sailoperator.clusterserviceversion.yaml | 43 +- .../manifests/sailoperator.io_istiocnis.yaml | 9 +- .../sailoperator.io_istiorevisions.yaml | 5 +- bundle/manifests/sailoperator.io_istios.yaml | 9 +- .../manifests/sailoperator.io_ztunnels.yaml | 18 +- chart/crds/sailoperator.io_istiocnis.yaml | 9 +- .../crds/sailoperator.io_istiorevisions.yaml | 5 +- chart/crds/sailoperator.io_istios.yaml | 9 +- chart/crds/sailoperator.io_ztunnels.yaml | 18 +- chart/samples/ambient/istio-sample.yaml | 2 +- chart/samples/ambient/istiocni-sample.yaml | 2 +- .../samples/ambient/istioztunnel-sample.yaml | 2 +- chart/samples/istio-sample-gw-api.yaml | 2 +- chart/samples/istio-sample-revisionbased.yaml | 2 +- chart/samples/istio-sample.yaml | 2 +- chart/samples/istiocni-sample.yaml | 2 +- chart/samples/ztunnel-sample.yaml | 2 +- chart/values.yaml | 15 +- docs/api-reference/sailoperator.io.md | 18 +- go.mod | 2 +- go.sum | 4 +- pkg/istioversion/versions.yaml | 30 +- resources/v1.28.3/base-1.28.3.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 252 ++++++++ .../network-attachment-definition.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 resources/v1.28.3/charts/cni/values.yaml | 192 ++++++ .../charts/gateway/Chart.yaml | 4 +- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../v1.28.3/charts/gateway/values.schema.json | 359 +++++++++++ .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +- .../charts/istiod/README.md | 0 .../files/gateway-injection-template.yaml | 274 ++++++++ .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 549 +++++++++++++++++ .../charts/istiod/files/kube-gateway.yaml | 407 ++++++++++++ .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../v1.28.3/charts/istiod/files/waypoint.yaml | 405 ++++++++++++ .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 314 ++++++++++ .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 83 +++ .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 65 ++ .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 resources/v1.28.3/charts/istiod/values.yaml | 583 ++++++++++++++++++ .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../v1.28.3/charts/revisiontags/values.yaml | 583 ++++++++++++++++++ .../charts/ztunnel/Chart.yaml | 4 +- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 14 + .../profile-compatibility-version-1.26.yaml | 11 + .../profile-compatibility-version-1.27.yaml | 9 + .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 212 +++++++ .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 resources/v1.28.3/charts/ztunnel/values.yaml | 136 ++++ resources/v1.28.3/cni-1.28.3.tgz.etag | 1 + resources/v1.28.3/commit | 1 + resources/v1.28.3/gateway-1.28.3.tgz.etag | 1 + resources/v1.28.3/istiod-1.28.3.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 resources/v1.28.3/ztunnel-1.28.3.tgz.etag | 1 + ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 - ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 - resources/v1.30-alpha.4d7a765c/commit | 1 - ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 - ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 - ...cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag | 1 - ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 + .../charts/base/Chart.yaml | 10 + .../charts/base/README.md | 35 ++ .../charts/base/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 94 +++ .../base/files/profile-platform-gke.yaml | 10 + .../base/files/profile-platform-k3d.yaml | 7 + .../base/files/profile-platform-k3s.yaml | 7 + .../base/files/profile-platform-microk8s.yaml | 7 + .../base/files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/base/files/profile-preview.yaml | 13 + .../charts/base/files/profile-remote.yaml | 13 + .../charts/base/files/profile-stable.yaml | 8 + .../charts/base/templates/NOTES.txt | 5 + ...ultrevision-validatingadmissionpolicy.yaml | 55 ++ ...vision-validatingwebhookconfiguration.yaml | 58 ++ .../base/templates/reader-serviceaccount.yaml | 22 + .../charts/base/templates/zzz_profile.yaml | 75 +++ .../charts/base/values.yaml | 45 ++ .../charts/cni/Chart.yaml | 11 + .../v1.30-alpha.941c7435/charts/cni/README.md | 65 ++ .../charts/cni/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 94 +++ .../cni/files/profile-platform-gke.yaml | 10 + .../cni/files/profile-platform-k3d.yaml | 7 + .../cni/files/profile-platform-k3s.yaml | 7 + .../cni/files/profile-platform-microk8s.yaml | 7 + .../cni/files/profile-platform-minikube.yaml | 6 + .../cni/files/profile-platform-openshift.yaml | 19 + .../charts/cni/files/profile-preview.yaml | 13 + .../charts/cni/files/profile-remote.yaml | 13 + .../charts/cni/files/profile-stable.yaml | 8 + .../charts/cni/templates/NOTES.txt | 5 + .../charts/cni/templates/_helpers.tpl | 8 + .../charts/cni/templates/clusterrole.yaml | 84 +++ .../cni/templates/clusterrolebinding.yaml | 66 ++ .../charts/cni/templates/configmap-cni.yaml | 43 ++ .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 13 + .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 21 + .../charts/cni/templates/serviceaccount.yaml | 20 + .../cni/templates/zzy_descope_legacy.yaml | 3 + .../charts/cni/templates/zzz_profile.yaml | 75 +++ .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 12 + .../charts/gateway/README.md | 170 +++++ .../charts/gateway/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 94 +++ .../gateway/files/profile-platform-gke.yaml | 10 + .../gateway/files/profile-platform-k3d.yaml | 7 + .../gateway/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/gateway/files/profile-preview.yaml | 13 + .../charts/gateway/files/profile-remote.yaml | 13 + .../charts/gateway/files/profile-stable.yaml | 8 + .../charts/gateway/templates/NOTES.txt | 9 + .../charts/gateway/templates/_helpers.tpl | 40 ++ .../charts/gateway/templates/deployment.yaml | 145 +++++ .../charts/gateway/templates/hpa.yaml | 40 ++ .../gateway/templates/networkpolicy.yaml | 47 ++ .../templates/poddisruptionbudget.yaml | 21 + .../charts/gateway/templates/role.yaml | 37 ++ .../charts/gateway/templates/service.yaml | 78 +++ .../gateway/templates/serviceaccount.yaml | 15 + .../charts/gateway/templates/zzz_profile.yaml | 75 +++ .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 204 ++++++ .../charts/istiod/Chart.yaml | 12 + .../charts/istiod/README.md | 73 +++ .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 318 ++++++++++ .../charts/istiod/files/grpc-simple.yaml | 65 ++ .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 94 +++ .../istiod/files/profile-platform-gke.yaml | 10 + .../istiod/files/profile-platform-k3d.yaml | 7 + .../istiod/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/istiod/files/profile-preview.yaml | 13 + .../charts/istiod/files/profile-remote.yaml | 13 + .../charts/istiod/files/profile-stable.yaml | 8 + .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 82 +++ .../charts/istiod/templates/_helpers.tpl | 23 + .../charts/istiod/templates/autoscale.yaml | 45 ++ .../charts/istiod/templates/clusterrole.yaml | 216 +++++++ .../istiod/templates/clusterrolebinding.yaml | 43 ++ .../istiod/templates/configmap-jwks.yaml | 20 + .../istiod/templates/configmap-values.yaml | 21 + .../charts/istiod/templates/configmap.yaml | 113 ++++ .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 22 + .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 167 +++++ .../istiod/templates/networkpolicy.yaml | 47 ++ .../istiod/templates/poddisruptionbudget.yaml | 41 ++ .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 20 + .../remote-istiod-endpointslices.yaml | 42 ++ .../templates/remote-istiod-service.yaml | 43 ++ .../istiod/templates/revision-tags-mwc.yaml | 154 +++++ .../istiod/templates/revision-tags-svc.yaml | 57 ++ .../charts/istiod/templates/role.yaml | 37 ++ .../charts/istiod/templates/rolebinding.yaml | 23 + .../charts/istiod/templates/service.yaml | 59 ++ .../istiod/templates/serviceaccount.yaml | 26 + .../templates/validatingadmissionpolicy.yaml | 65 ++ .../validatingwebhookconfiguration.yaml | 70 +++ .../istiod/templates/zzy_descope_legacy.yaml | 3 + .../charts/istiod/templates/zzz_profile.yaml | 75 +++ .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 8 + .../revisiontags/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 94 +++ .../files/profile-platform-gke.yaml | 10 + .../files/profile-platform-k3d.yaml | 7 + .../files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../revisiontags/files/profile-preview.yaml | 13 + .../revisiontags/files/profile-remote.yaml | 13 + .../revisiontags/files/profile-stable.yaml | 8 + .../templates/revision-tags-mwc.yaml | 154 +++++ .../templates/revision-tags-svc.yaml | 57 ++ .../revisiontags/templates/zzz_profile.yaml | 75 +++ .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 11 + .../charts/ztunnel/README.md | 50 ++ .../charts/ztunnel/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 94 +++ .../ztunnel/files/profile-platform-gke.yaml | 10 + .../ztunnel/files/profile-platform-k3d.yaml | 7 + .../ztunnel/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/ztunnel/files/profile-preview.yaml | 13 + .../charts/ztunnel/files/profile-remote.yaml | 13 + .../charts/ztunnel/files/profile-stable.yaml | 8 + .../charts/ztunnel/templates/NOTES.txt | 5 + .../charts/ztunnel/templates/_helpers.tpl | 1 + .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 51 ++ .../ztunnel/templates/resourcequota.yaml | 22 + .../ztunnel/templates/serviceaccount.yaml | 24 + .../charts/ztunnel/templates/zzz_profile.yaml | 75 +++ .../charts/ztunnel/values.yaml | 2 +- ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 + resources/v1.30-alpha.941c7435/commit | 1 + ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 + ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 + .../profiles/ambient.yaml | 5 + .../profiles/default.yaml | 12 + .../v1.30-alpha.941c7435/profiles/demo.yaml | 5 + .../v1.30-alpha.941c7435/profiles/empty.yaml | 5 + .../profiles/openshift-ambient.yaml | 7 + .../profiles/openshift.yaml | 6 + .../profiles/preview.yaml | 8 + .../v1.30-alpha.941c7435/profiles/remote.yaml | 7 + .../v1.30-alpha.941c7435/profiles/stable.yaml | 5 + ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 + 416 files changed, 10225 insertions(+), 132 deletions(-) create mode 100644 resources/v1.28.3/base-1.28.3.tgz.etag rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/README.md (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.28.3/charts/base/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.3/charts/base/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.3/charts/base/files/profile-compatibility-version-1.27.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.27.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/configmap-cni.yaml (100%) create mode 100644 resources/v1.28.3/charts/cni/templates/daemonset.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/cni/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.28.3/charts/cni/values.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.27.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.28.3/charts/gateway/values.schema.json rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/README.md (100%) create mode 100644 resources/v1.28.3/charts/istiod/files/gateway-injection-template.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/grpc-simple.yaml (100%) create mode 100644 resources/v1.28.3/charts/istiod/files/injection-template.yaml create mode 100644 resources/v1.28.3/charts/istiod/files/kube-gateway.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.27.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/files/profile-stable.yaml (100%) create mode 100644 resources/v1.28.3/charts/istiod/files/waypoint.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/configmap.yaml (100%) create mode 100644 resources/v1.28.3/charts/istiod/templates/deployment.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/gateway-class-configmap.yaml (100%) create mode 100644 resources/v1.28.3/charts/istiod/templates/istiod-injector-configmap.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/poddisruptionbudget.yaml (100%) create mode 100644 resources/v1.28.3/charts/istiod/templates/reader-clusterrole.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/istiod/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.28.3/charts/istiod/values.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/revisiontags/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.28.3/charts/revisiontags/values.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.26.yaml create mode 100644 resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/templates/_helpers.tpl (100%) create mode 100644 resources/v1.28.3/charts/ztunnel/templates/daemonset.yaml rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/charts/ztunnel/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.28.3/charts/ztunnel/values.yaml create mode 100644 resources/v1.28.3/cni-1.28.3.tgz.etag create mode 100644 resources/v1.28.3/commit create mode 100644 resources/v1.28.3/gateway-1.28.3.tgz.etag create mode 100644 resources/v1.28.3/istiod-1.28.3.tgz.etag rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.28.3}/profiles/stable.yaml (100%) create mode 100644 resources/v1.28.3/ztunnel-1.28.3.tgz.etag delete mode 100644 resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag delete mode 100644 resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag delete mode 100644 resources/v1.30-alpha.4d7a765c/commit delete mode 100644 resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag delete mode 100644 resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag delete mode 100644 resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag create mode 100644 resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag create mode 100644 resources/v1.30-alpha.941c7435/charts/base/Chart.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/README.md create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-ambient.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/templates/reader-serviceaccount.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/templates/zzz_profile.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/base/values.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/Chart.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/README.md create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-ambient.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/_helpers.tpl create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrole.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrolebinding.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/configmap-cni.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/cni/templates/daemonset.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/network-attachment-definition.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/cni/templates/networkpolicy.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/resourcequota.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/zzy_descope_legacy.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/cni/templates/zzz_profile.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/cni/values.yaml (99%) create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/Chart.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/README.md create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-ambient.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/_helpers.tpl create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/deployment.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/hpa.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/networkpolicy.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/poddisruptionbudget.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/role.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/service.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/templates/zzz_profile.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/gateway/values.schema.json (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/gateway/values.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/Chart.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/README.md rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/gateway-injection-template.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-agent.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-simple.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/kube-gateway.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-ambient.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/files/profile-stable.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/files/waypoint.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/_helpers.tpl create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/autoscale.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrole.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrolebinding.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-jwks.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-values.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/templates/deployment.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/gateway-class-configmap.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/mutatingwebhook.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/networkpolicy.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/poddisruptionbudget.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/templates/reader-clusterrole.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrolebinding.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-endpointslices.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-service.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-mwc.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-svc.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/role.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/rolebinding.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/service.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingadmissionpolicy.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingwebhookconfiguration.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/zzy_descope_legacy.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/istiod/templates/zzz_profile.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/istiod/values.yaml (99%) create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/Chart.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-ambient.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-mwc.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-svc.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/revisiontags/templates/zzz_profile.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/revisiontags/values.yaml (99%) create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/Chart.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/README.md create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-ambient.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/templates/_helpers.tpl rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/ztunnel/templates/networkpolicy.yaml (100%) create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/templates/rbac.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/templates/resourcequota.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.941c7435/charts/ztunnel/templates/zzz_profile.yaml rename resources/{v1.30-alpha.4d7a765c => v1.30-alpha.941c7435}/charts/ztunnel/values.yaml (98%) create mode 100644 resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag create mode 100644 resources/v1.30-alpha.941c7435/commit create mode 100644 resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag create mode 100644 resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag create mode 100644 resources/v1.30-alpha.941c7435/profiles/ambient.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/default.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/demo.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/empty.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/openshift-ambient.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/openshift.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/preview.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/remote.yaml create mode 100644 resources/v1.30-alpha.941c7435/profiles/stable.yaml create mode 100644 resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 1cdd0817f..fb47b4e62 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,10 +37,10 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.4d7a765c - // +kubebuilder:default=v1.28.2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.941c7435 + // +kubebuilder:default=v1.28.3 Version string `json:"version"` // Defines the update strategy to use when the version in the Istio CR is updated. @@ -282,7 +282,7 @@ type Istio struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.2", namespace: "istio-system", updateStrategy: {type:"InPlace"}} + // +kubebuilder:default={version: "v1.28.3", namespace: "istio-system", updateStrategy: {type:"InPlace"}} // +optional Spec IstioSpec `json:"spec"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 4cc30d6a4..a0ae4084a 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,10 +28,10 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.4d7a765c - // +kubebuilder:default=v1.28.2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.941c7435 + // +kubebuilder:default=v1.28.3 Version string `json:"version"` // +sail:profile @@ -181,7 +181,7 @@ type IstioCNI struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.2", namespace: "istio-cni"} + // +kubebuilder:default={version: "v1.28.3", namespace: "istio-cni"} // +optional Spec IstioCNISpec `json:"spec"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 9f3d5da69..1668abe87 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} - // +kubebuilder:validation:Enum=v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.4d7a765c + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.941c7435 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index cbbd49655..8a32f8e07 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,10 +28,10 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.4d7a765c - // +kubebuilder:default=v1.28.2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.941c7435 + // +kubebuilder:default=v1.28.3 Version string `json:"version"` // Namespace to which the Istio ztunnel component should be installed. @@ -172,7 +172,7 @@ type ZTunnel struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.2", namespace: "ztunnel"} + // +kubebuilder:default={version: "v1.28.3", namespace: "ztunnel"} // +optional Spec ZTunnelSpec `json:"spec"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index a7aa8aa42..73dbf7cf0 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,10 +29,10 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.4d7a765c - // +kubebuilder:default=v1.28.2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.941c7435 + // +kubebuilder:default=v1.28.3 Version string `json:"version"` // +sail:profile @@ -184,7 +184,7 @@ type ZTunnel struct { // +optional metav1.ObjectMeta `json:"metadata"` - // +kubebuilder:default={version: "v1.28.2", namespace: "ztunnel", profile: "ambient"} + // +kubebuilder:default={version: "v1.28.3", namespace: "ztunnel", profile: "ambient"} // +optional Spec ZTunnelSpec `json:"spec"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 07f1ad056..acd2d4757 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -16,7 +16,7 @@ metadata: "inactiveRevisionDeletionGracePeriodSeconds": 30, "type": "InPlace" }, - "version": "v1.28.2" + "version": "v1.28.3" } }, { @@ -27,7 +27,7 @@ metadata: }, "spec": { "namespace": "istio-cni", - "version": "v1.28.2" + "version": "v1.28.3" } }, { @@ -38,14 +38,14 @@ metadata: }, "spec": { "namespace": "ztunnel", - "version": "v1.28.2" + "version": "v1.28.3" } } ] capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-20T05:11:41Z" + createdAt: "2026-01-21T05:11:06Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,12 +179,13 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 @@ -206,7 +207,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -244,11 +245,12 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 @@ -267,7 +269,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -302,12 +304,13 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 @@ -329,7 +332,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -385,12 +388,13 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: - urn:alm:descriptor:com.tectonic.ui:fieldGroup:General - urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.28.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 @@ -412,7 +416,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.4d7a765c + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -428,6 +432,7 @@ spec: This version of the operator supports the following Istio versions: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -449,7 +454,7 @@ spec: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -879,10 +884,14 @@ spec: images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_30-alpha_4d7a765c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 - images.v1_30-alpha_4d7a765c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 - images.v1_30-alpha_4d7a765c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 - images.v1_30-alpha_4d7a765c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_28_3.cni: gcr.io/istio-release/install-cni:1.28.3 + images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 + images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 + images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 + images.v1_30-alpha_941c7435.cni: gcr.io/istio-testing/install-cni:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_941c7435.istiod: gcr.io/istio-testing/pilot:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_941c7435.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_941c7435.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 85873f74c..297b97f7b 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -66,7 +66,7 @@ spec: spec: default: namespace: istio-cni - version: v1.28.2 + version: v1.28.3 description: IstioCNISpec defines the desired state of IstioCNI properties: namespace: @@ -1463,12 +1463,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -1516,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index da43b2398..6f99cdf0d 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10116,8 +10116,9 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. enum: + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -10158,7 +10159,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 0c6c89c05..ab9e258a6 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -88,7 +88,7 @@ spec: namespace: istio-system updateStrategy: type: InPlace - version: v1.28.2 + version: v1.28.3 description: IstioSpec defines the desired state of Istio properties: namespace: @@ -10187,12 +10187,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -10240,7 +10241,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index decd00326..a317c7a23 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -62,7 +62,7 @@ spec: spec: default: namespace: ztunnel - version: v1.28.2 + version: v1.28.3 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -3443,12 +3443,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -3484,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace @@ -3594,7 +3595,7 @@ spec: default: namespace: ztunnel profile: ambient - version: v1.28.2 + version: v1.28.3 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -6993,12 +6994,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -7034,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 7f969621f..3a96f2772 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -66,7 +66,7 @@ spec: spec: default: namespace: istio-cni - version: v1.28.2 + version: v1.28.3 description: IstioCNISpec defines the desired state of IstioCNI properties: namespace: @@ -1463,12 +1463,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -1516,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 3485fe64a..a2c0a92b4 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10116,8 +10116,9 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. enum: + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -10158,7 +10159,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 7308a436c..01ac13220 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -88,7 +88,7 @@ spec: namespace: istio-system updateStrategy: type: InPlace - version: v1.28.2 + version: v1.28.3 description: IstioSpec defines the desired state of Istio properties: namespace: @@ -10187,12 +10187,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -10240,7 +10241,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 938a8605f..b91b42588 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -62,7 +62,7 @@ spec: spec: default: namespace: ztunnel - version: v1.28.2 + version: v1.28.3 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -3443,12 +3443,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -3484,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace @@ -3594,7 +3595,7 @@ spec: default: namespace: ztunnel profile: ambient - version: v1.28.2 + version: v1.28.3 description: ZTunnelSpec defines the desired state of ZTunnel properties: namespace: @@ -6993,12 +6994,13 @@ spec: type: object type: object version: - default: v1.28.2 + default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -7034,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 type: string required: - namespace diff --git a/chart/samples/ambient/istio-sample.yaml b/chart/samples/ambient/istio-sample.yaml index 17046ec46..e70d9e233 100644 --- a/chart/samples/ambient/istio-sample.yaml +++ b/chart/samples/ambient/istio-sample.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.28.2 + version: v1.28.3 namespace: istio-system profile: ambient updateStrategy: diff --git a/chart/samples/ambient/istiocni-sample.yaml b/chart/samples/ambient/istiocni-sample.yaml index 951774f75..caa6715c1 100644 --- a/chart/samples/ambient/istiocni-sample.yaml +++ b/chart/samples/ambient/istiocni-sample.yaml @@ -3,6 +3,6 @@ kind: IstioCNI metadata: name: default spec: - version: v1.28.2 + version: v1.28.3 profile: ambient namespace: istio-cni diff --git a/chart/samples/ambient/istioztunnel-sample.yaml b/chart/samples/ambient/istioztunnel-sample.yaml index e842d99a7..d38de555b 100644 --- a/chart/samples/ambient/istioztunnel-sample.yaml +++ b/chart/samples/ambient/istioztunnel-sample.yaml @@ -3,5 +3,5 @@ kind: ZTunnel metadata: name: default spec: - version: v1.28.2 + version: v1.28.3 namespace: ztunnel diff --git a/chart/samples/istio-sample-gw-api.yaml b/chart/samples/istio-sample-gw-api.yaml index 7b9956214..acab70f24 100644 --- a/chart/samples/istio-sample-gw-api.yaml +++ b/chart/samples/istio-sample-gw-api.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: gateway-controller spec: - version: v1.28.2 + version: v1.28.3 namespace: gateway-controller updateStrategy: type: InPlace diff --git a/chart/samples/istio-sample-revisionbased.yaml b/chart/samples/istio-sample-revisionbased.yaml index e2056376c..573f761de 100644 --- a/chart/samples/istio-sample-revisionbased.yaml +++ b/chart/samples/istio-sample-revisionbased.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.28.2 + version: v1.28.3 namespace: istio-system updateStrategy: type: RevisionBased diff --git a/chart/samples/istio-sample.yaml b/chart/samples/istio-sample.yaml index bfcec97bf..54791b876 100644 --- a/chart/samples/istio-sample.yaml +++ b/chart/samples/istio-sample.yaml @@ -3,7 +3,7 @@ kind: Istio metadata: name: default spec: - version: v1.28.2 + version: v1.28.3 namespace: istio-system updateStrategy: type: InPlace diff --git a/chart/samples/istiocni-sample.yaml b/chart/samples/istiocni-sample.yaml index 353b42368..81ffb6b5d 100644 --- a/chart/samples/istiocni-sample.yaml +++ b/chart/samples/istiocni-sample.yaml @@ -3,5 +3,5 @@ kind: IstioCNI metadata: name: default spec: - version: v1.28.2 + version: v1.28.3 namespace: istio-cni diff --git a/chart/samples/ztunnel-sample.yaml b/chart/samples/ztunnel-sample.yaml index e842d99a7..d38de555b 100644 --- a/chart/samples/ztunnel-sample.yaml +++ b/chart/samples/ztunnel-sample.yaml @@ -3,5 +3,5 @@ kind: ZTunnel metadata: name: default spec: - version: v1.28.2 + version: v1.28.3 namespace: ztunnel diff --git a/chart/values.yaml b/chart/values.yaml index 33b0207da..05ee206ee 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -2,6 +2,10 @@ name: sailoperator deployment: name: sail-operator annotations: + images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 + images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 + images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 + images.v1_28_3.cni: gcr.io/istio-release/install-cni:1.28.3 images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 @@ -74,10 +78,10 @@ deployment: images.v1_26_0.istiod: gcr.io/istio-release/pilot:1.26.0 images.v1_26_0.proxy: gcr.io/istio-release/proxyv2:1.26.0 images.v1_26_0.cni: gcr.io/istio-release/install-cni:1.26.0 - images.v1_30-alpha_4d7a765c.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 - images.v1_30-alpha_4d7a765c.istiod: gcr.io/istio-testing/pilot:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 - images.v1_30-alpha_4d7a765c.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 - images.v1_30-alpha_4d7a765c.cni: gcr.io/istio-testing/install-cni:1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + images.v1_30-alpha_941c7435.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_941c7435.istiod: gcr.io/istio-testing/pilot:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_941c7435.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_941c7435.cni: gcr.io/istio-testing/install-cni:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 revisionHistoryLimit: 10 service: port: 8443 @@ -94,6 +98,7 @@ csv: This version of the operator supports the following Istio versions: - v1.28-latest + - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 @@ -115,7 +120,7 @@ csv: - v1.26.1 - v1.26.0 - master - - v1.30-alpha.4d7a765c + - v1.30-alpha.941c7435 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 05dfd854e..1d3b6ddec 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -560,7 +560,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[IstioSpec](#istiospec)_ | | \{ namespace:istio-system updateStrategy:map[type:InPlace] version:v1.28.2 \} | | +| `spec` _[IstioSpec](#istiospec)_ | | \{ namespace:istio-system updateStrategy:map[type:InPlace] version:v1.28.3 \} | | | `status` _[IstioStatus](#istiostatus)_ | | | | @@ -582,7 +582,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[IstioCNISpec](#istiocnispec)_ | | \{ namespace:istio-cni version:v1.28.2 \} | | +| `spec` _[IstioCNISpec](#istiocnispec)_ | | \{ namespace:istio-cni version:v1.28.3 \} | | | `status` _[IstioCNIStatus](#istiocnistatus)_ | | | | @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.4d7a765c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.4d7a765c. | | Enum: [v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.4d7a765c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.941c7435] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.4d7a765c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3358,7 +3358,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel version:v1.28.2 \} | | +| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel version:v1.28.3 \} | | | `status` _[ZTunnelStatus](#ztunnelstatus)_ | | | | @@ -3523,7 +3523,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.4d7a765c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3593,7 +3593,7 @@ _Appears in:_ | `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | | | `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | | -| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel profile:ambient version:v1.28.2 \} | | +| `spec` _[ZTunnelSpec](#ztunnelspec)_ | | \{ namespace:ztunnel profile:ambient version:v1.28.3 \} | | | `status` _[ZTunnelStatus](#ztunnelstatus)_ | | | | @@ -3689,7 +3689,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.4d7a765c. | v1.28.2 | Enum: [v1.28-latest v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.4d7a765c] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index dfc940045..61e8dda13 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee - istio.io/istio v0.0.0-20260120035416-4d7a765cf81a + istio.io/istio v0.0.0-20260121003427-941c7435d35f k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 9ecfdc897..973f07812 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce h1:YyqDj8n9L8bZf41Y3C istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee h1:PP8EpTpawoNm4+yUE/jswC0Ctz92BO1Ap1ZBO93T/6o= istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee/go.mod h1:6b7+7Y2Q561h5uuJ7nTy3cz191ACvRq2FIVqKIQMAzE= -istio.io/istio v0.0.0-20260120035416-4d7a765cf81a h1:FoJeN9K/OKSiG9kudqfDu252Yu6K2awiJDJxqbuWDOY= -istio.io/istio v0.0.0-20260120035416-4d7a765cf81a/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= +istio.io/istio v0.0.0-20260121003427-941c7435d35f h1:9yje0SwDH8dpvCC1qxUUbljFw9z2hFmAJTTIRGfrW4I= +istio.io/istio v0.0.0-20260121003427-941c7435d35f/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index b7f8587bf..4161a8eac 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -16,7 +16,17 @@ # to avoid breaking API guarantees. versions: - name: v1.28-latest - ref: v1.28.2 + ref: v1.28.3 + - name: v1.28.3 + version: 1.28.3 + repo: https://github.com/istio/istio + commit: 1.28.3 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.28.3.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.28.3.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.28.3.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.28.3.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.28.3.tgz - name: v1.28.2 version: 1.28.2 repo: https://github.com/istio/istio @@ -258,15 +268,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.4d7a765c - - name: v1.30-alpha.4d7a765c - version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + ref: v1.30-alpha.941c7435 + - name: v1.30-alpha.941c7435 + version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 repo: https://github.com/istio/istio branch: master - commit: 4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + commit: 941c7435d35fdebdea431237a8dc966bd0bbdd64 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360/helm/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz diff --git a/resources/v1.28.3/base-1.28.3.tgz.etag b/resources/v1.28.3/base-1.28.3.tgz.etag new file mode 100644 index 000000000..d425be400 --- /dev/null +++ b/resources/v1.28.3/base-1.28.3.tgz.etag @@ -0,0 +1 @@ +e96f57338a9da3e1c3e1b08a768607c4 diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/Chart.yaml b/resources/v1.28.3/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.4d7a765c/charts/base/Chart.yaml rename to resources/v1.28.3/charts/base/Chart.yaml index c0d778867..a3d44a423 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/base/Chart.yaml +++ b/resources/v1.28.3/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +appVersion: 1.28.3 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +version: 1.28.3 diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/README.md b/resources/v1.28.3/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/README.md rename to resources/v1.28.3/charts/base/README.md diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-ambient.yaml b/resources/v1.28.3/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-ambient.yaml rename to resources/v1.28.3/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..d04117bfc --- /dev/null +++ b/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..8fe80112b --- /dev/null +++ b/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 000000000..209157ccc --- /dev/null +++ b/resources/v1.28.3/charts/base/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-demo.yaml b/resources/v1.28.3/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-demo.yaml rename to resources/v1.28.3/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-gke.yaml b/resources/v1.28.3/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-gke.yaml rename to resources/v1.28.3/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3d.yaml b/resources/v1.28.3/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.28.3/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3s.yaml b/resources/v1.28.3/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.28.3/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.28.3/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.28.3/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-minikube.yaml b/resources/v1.28.3/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.28.3/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-openshift.yaml b/resources/v1.28.3/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.28.3/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-preview.yaml b/resources/v1.28.3/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-preview.yaml rename to resources/v1.28.3/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-remote.yaml b/resources/v1.28.3/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-remote.yaml rename to resources/v1.28.3/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-stable.yaml b/resources/v1.28.3/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-stable.yaml rename to resources/v1.28.3/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/templates/NOTES.txt b/resources/v1.28.3/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/templates/NOTES.txt rename to resources/v1.28.3/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.28.3/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.28.3/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.28.3/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.28.3/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.28.3/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.28.3/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/templates/zzz_profile.yaml b/resources/v1.28.3/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/templates/zzz_profile.yaml rename to resources/v1.28.3/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/values.yaml b/resources/v1.28.3/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/values.yaml rename to resources/v1.28.3/charts/base/values.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/Chart.yaml b/resources/v1.28.3/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.4d7a765c/charts/cni/Chart.yaml rename to resources/v1.28.3/charts/cni/Chart.yaml index 54b53cec9..61996e2b2 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/cni/Chart.yaml +++ b/resources/v1.28.3/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +appVersion: 1.28.3 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +version: 1.28.3 diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/README.md b/resources/v1.28.3/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/README.md rename to resources/v1.28.3/charts/cni/README.md diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-ambient.yaml b/resources/v1.28.3/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-ambient.yaml rename to resources/v1.28.3/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..d04117bfc --- /dev/null +++ b/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..8fe80112b --- /dev/null +++ b/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 000000000..209157ccc --- /dev/null +++ b/resources/v1.28.3/charts/cni/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-demo.yaml b/resources/v1.28.3/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-demo.yaml rename to resources/v1.28.3/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-gke.yaml b/resources/v1.28.3/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.28.3/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.28.3/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.28.3/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.28.3/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.28.3/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.28.3/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.28.3/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.28.3/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.28.3/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.28.3/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.28.3/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-preview.yaml b/resources/v1.28.3/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-preview.yaml rename to resources/v1.28.3/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-remote.yaml b/resources/v1.28.3/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-remote.yaml rename to resources/v1.28.3/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-stable.yaml b/resources/v1.28.3/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-stable.yaml rename to resources/v1.28.3/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/NOTES.txt b/resources/v1.28.3/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/NOTES.txt rename to resources/v1.28.3/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/_helpers.tpl b/resources/v1.28.3/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/_helpers.tpl rename to resources/v1.28.3/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrole.yaml b/resources/v1.28.3/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrole.yaml rename to resources/v1.28.3/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.28.3/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.28.3/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/configmap-cni.yaml b/resources/v1.28.3/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/configmap-cni.yaml rename to resources/v1.28.3/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.28.3/charts/cni/templates/daemonset.yaml b/resources/v1.28.3/charts/cni/templates/daemonset.yaml new file mode 100644 index 000000000..6d1dda290 --- /dev/null +++ b/resources/v1.28.3/charts/cni/templates/daemonset.yaml @@ -0,0 +1,252 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# This manifest installs the Istio install-cni container, as well +# as the Istio CNI plugin and config on +# each master and worker node in a Kubernetes cluster. +# +# $detectedBinDir exists to support a GKE-specific platform override, +# and is deprecated in favor of using the explicit `gke` platform profile. +{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary + "/home/kubernetes/bin" + "/opt/cni/bin" +}} +{{- if .Values.cniBinDir }} +{{ $detectedBinDir = .Values.cniBinDir }} +{{- end }} +kind: DaemonSet +apiVersion: apps/v1 +metadata: + # Note that this is templated but evaluates to a fixed name + # which the CNI plugin may fall back onto in some failsafe scenarios. + # if this name is changed, CNI plugin logic that checks for this name + # format should also be updated. + name: {{ template "name" . }}-node + namespace: {{ .Release.Namespace }} + labels: + k8s-app: {{ template "name" . }}-node + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} + {{ with .Values.daemonSetLabels -}}{{ toYaml . | nindent 4}}{{ end }} +spec: + selector: + matchLabels: + k8s-app: {{ template "name" . }}-node + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + k8s-app: {{ template "name" . }}-node + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 8 }} + {{ with .Values.podLabels -}}{{ toYaml . | nindent 8}}{{ end }} + annotations: + sidecar.istio.io/inject: "false" + # Add Prometheus Scrape annotations + prometheus.io/scrape: 'true' + prometheus.io/port: "15014" + prometheus.io/path: '/metrics' + # Add AppArmor annotation + # This is required to avoid conflicts with AppArmor profiles which block certain + # privileged pod capabilities. + # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the + # securityContext which is otherwise preferred. + container.apparmor.security.beta.kubernetes.io/install-cni: unconfined + # Custom annotations + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + nodeSelector: + kubernetes.io/os: linux + # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + serviceAccountName: {{ template "name" . }} + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 5 + containers: + # This container installs the Istio CNI binaries + # and CNI network config file on each node. + - name: install-cni +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" +{{- end }} +{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} +{{- end }} + ports: + - containerPort: 15014 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8000 + securityContext: + privileged: false + runAsGroup: 0 + runAsUser: 0 + runAsNonRoot: false + # Both ambient and sidecar repair mode require elevated node privileges to function. + # But we don't need _everything_ in `privileged`, so explicitly set it to false and + # add capabilities based on feature. + capabilities: + drop: + - ALL + add: + # CAP_NET_ADMIN is required to allow ipset and route table access + - NET_ADMIN + # CAP_NET_RAW is required to allow iptables mutation of the `nat` table + - NET_RAW + # CAP_SYS_PTRACE is required for repair and ambient mode to describe + # the pod's network namespace. + - SYS_PTRACE + # CAP_SYS_ADMIN is required for both ambient and repair, in order to open + # network namespaces in `/proc` to obtain descriptors for entering pod network + # namespaces. There does not appear to be a more granular capability for this. + - SYS_ADMIN + # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose + # the typical ability to read/write to folders owned by others. + # This can cause problems if the hostPath mounts we use, which we require write access into, + # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. + - DAC_OVERRIDE +{{- if .Values.seLinuxOptions }} +{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} + seLinuxOptions: +{{ toYaml . | trim | indent 14 }} +{{- end }} +{{- end }} +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + command: ["install-cni"] + args: + {{- if or .Values.logging.level .Values.global.logging.level }} + - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} + {{- end}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end}} + envFrom: + - configMapRef: + name: {{ template "name" . }}-config + env: + - name: REPAIR_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: REPAIR_RUN_AS_DAEMON + value: "true" + - name: REPAIR_SIDECAR_ANNOTATION + value: "sidecar.istio.io/status" + {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} + - name: ALLOW_SWITCH_TO_HOST_NS + value: "true" + {{- end }} + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: '1' + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: '1' + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - mountPath: /host/proc + name: cni-host-procfs + readOnly: true + {{- end }} + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + - mountPath: /var/run/istio-cni + name: cni-socket-dir + {{- if .Values.ambient.enabled }} + - mountPath: /host/var/run/netns + mountPropagation: HostToContainer + name: cni-netns-dir + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + {{ end }} + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + volumes: + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: {{ $detectedBinDir }} + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - name: cni-host-procfs + hostPath: + path: /proc + type: Directory + {{- end }} + {{- if .Values.ambient.enabled }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate + {{- end }} + - name: cni-net-dir + hostPath: + path: {{ .Values.cniConfDir }} + # Used for UDS sockets for logging, ambient eventing + - name: cni-socket-dir + hostPath: + path: /var/run/istio-cni + - name: cni-netns-dir + hostPath: + path: {{ .Values.cniNetnsDir }} + type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, + # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. + # Once the CNI does mount this, it will get populated and we're good. +{{- end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.28.3/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.28.3/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/resourcequota.yaml b/resources/v1.28.3/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/resourcequota.yaml rename to resources/v1.28.3/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/serviceaccount.yaml b/resources/v1.28.3/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/serviceaccount.yaml rename to resources/v1.28.3/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.28.3/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.28.3/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzz_profile.yaml b/resources/v1.28.3/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/zzz_profile.yaml rename to resources/v1.28.3/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.28.3/charts/cni/values.yaml b/resources/v1.28.3/charts/cni/values.yaml new file mode 100644 index 000000000..a7b72fe03 --- /dev/null +++ b/resources/v1.28.3/charts/cni/values.yaml @@ -0,0 +1,192 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + hub: "" + tag: "" + variant: "" + image: install-cni + pullPolicy: "" + + # Same as `global.logging.level`, but will override it if set + logging: + level: "" + + # Configuration file to insert istio-cni plugin configuration + # by default this will be the first file found in the cni-conf-dir + # Example + # cniConfFileName: 10-calico.conflist + + # CNI-and-platform specific path defaults. + # These may need to be set to platform-specific values, consult + # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` + cniBinDir: /opt/cni/bin + cniConfDir: /etc/cni/net.d + cniConfFileName: "" + cniNetnsDir: "/var/run/netns" + + # If Istio owned CNI config is enabled, defaults to 02-istio-cni.conflist + istioOwnedCNIConfigFileName: "" + istioOwnedCNIConfig: false + + excludeNamespaces: + - kube-system + + # Allows user to set custom affinity for the DaemonSet + affinity: {} + + # Additional labels to apply on the daemonset level + daemonSetLabels: {} + + # Custom annotations on pod level, if you need them + podAnnotations: {} + + # Additional labels to apply on the pod level + podLabels: {} + + # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? + # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case + chained: true + + # Custom configuration happens based on the CNI provider. + # Possible values: "default", "multus" + provider: "default" + + # Configure ambient settings + ambient: + # If enabled, ambient redirection will be enabled + enabled: false + # If ambient is enabled, this selector will be used to identify the ambient-enabled pods + enablementSelectors: + - podSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + - podSelector: + matchExpressions: + - { key: istio.io/dataplane-mode, operator: NotIn, values: [none] } + namespaceSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + # Set ambient config dir path: defaults to /etc/ambient-config + configDir: "" + # If enabled, and ambient is enabled, DNS redirection will be enabled + dnsCapture: true + # If enabled, and ambient is enabled, enables ipv6 support + ipv6: true + # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. + # This will eventually be enabled by default + reconcileIptablesOnStartup: false + # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on + shareHostNetworkNamespace: false + + + repair: + enabled: true + hub: "" + tag: "" + + # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. + # This defines the action the controller will take when a pod is detected as broken. + + # labelPods will label all pods with =. + # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). + # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. + labelPods: false + # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. + # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. + deletePods: false + # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. + # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. + # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. + repairPods: true + + initContainerName: "istio-validation" + + brokenPodLabelKey: "cni.istio.io/uninitialized" + brokenPodLabelValue: "true" + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. + seLinuxOptions: {} + + resources: + requests: + cpu: 100m + memory: 100Mi + + resourceQuotas: + enabled: false + pods: 5000 + + tolerations: + # Make sure istio-cni-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # For Helm compatibility. + ownerName: "" + + global: + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + + # Default tag for Istio images. + tag: 1.28.3 + + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # change cni scope level to control logging out of istio-cni-node DaemonSet + logging: + level: info + + logAsJson: false + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Default resources allocated + defaultResources: + requests: + cpu: 100m + memory: 100Mi + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # A `key: value` mapping of environment variables to add to the pod + env: {} diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/Chart.yaml b/resources/v1.28.3/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/Chart.yaml rename to resources/v1.28.3/charts/gateway/Chart.yaml index 0c8ba608c..d41b4ee17 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/gateway/Chart.yaml +++ b/resources/v1.28.3/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +appVersion: 1.28.3 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +version: 1.28.3 diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/README.md b/resources/v1.28.3/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/README.md rename to resources/v1.28.3/charts/gateway/README.md diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-ambient.yaml b/resources/v1.28.3/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-ambient.yaml rename to resources/v1.28.3/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..d04117bfc --- /dev/null +++ b/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..8fe80112b --- /dev/null +++ b/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 000000000..209157ccc --- /dev/null +++ b/resources/v1.28.3/charts/gateway/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-demo.yaml b/resources/v1.28.3/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-demo.yaml rename to resources/v1.28.3/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.28.3/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.28.3/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.28.3/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.28.3/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.28.3/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.28.3/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.28.3/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.28.3/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.28.3/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.28.3/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.28.3/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.28.3/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-preview.yaml b/resources/v1.28.3/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-preview.yaml rename to resources/v1.28.3/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-remote.yaml b/resources/v1.28.3/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-remote.yaml rename to resources/v1.28.3/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-stable.yaml b/resources/v1.28.3/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-stable.yaml rename to resources/v1.28.3/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/NOTES.txt b/resources/v1.28.3/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/NOTES.txt rename to resources/v1.28.3/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/_helpers.tpl b/resources/v1.28.3/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/_helpers.tpl rename to resources/v1.28.3/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/deployment.yaml b/resources/v1.28.3/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/deployment.yaml rename to resources/v1.28.3/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/hpa.yaml b/resources/v1.28.3/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/hpa.yaml rename to resources/v1.28.3/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/networkpolicy.yaml b/resources/v1.28.3/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.28.3/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.28.3/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.28.3/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/role.yaml b/resources/v1.28.3/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/role.yaml rename to resources/v1.28.3/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/service.yaml b/resources/v1.28.3/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/service.yaml rename to resources/v1.28.3/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/serviceaccount.yaml b/resources/v1.28.3/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.28.3/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/templates/zzz_profile.yaml b/resources/v1.28.3/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.28.3/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.28.3/charts/gateway/values.schema.json b/resources/v1.28.3/charts/gateway/values.schema.json new file mode 100644 index 000000000..9263245a2 --- /dev/null +++ b/resources/v1.28.3/charts/gateway/values.schema.json @@ -0,0 +1,359 @@ +{ + "$schema": "http://json-schema.org/schema#", + "$defs": { + "values": { + "type": "object", + "additionalProperties": false, + "properties": { + "_internal_defaults_do_not_set": { + "type": "object" + }, + "global": { + "type": "object" + }, + "affinity": { + "type": "object" + }, + "securityContext": { + "type": [ + "object", + "null" + ] + }, + "containerSecurityContext": { + "type": [ + "object", + "null" + ] + }, + "kind": { + "type": "string", + "enum": [ + "Deployment", + "DaemonSet" + ] + }, + "annotations": { + "additionalProperties": { + "type": [ + "string", + "integer" + ] + }, + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "env": { + "type": "object" + }, + "envVarFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { "type": "string" }, + "valueFrom": { "type": "object" } + } + } + }, + "strategy": { + "type": "object" + }, + "minReadySeconds": { + "type": [ "null", "integer" ] + }, + "readinessProbe": { + "type": [ "null", "object" ] + }, + "labels": { + "type": "object" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object", + "properties": { + "inject.istio.io/templates": { + "type": "string" + }, + "prometheus.io/path": { + "type": "string" + }, + "prometheus.io/port": { + "type": "string" + }, + "prometheus.io/scrape": { + "type": "string" + } + } + }, + "replicaCount": { + "type": [ + "integer", + "null" + ] + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": ["object", "null"], + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + }, + "requests": { + "type": ["object", "null"], + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + } + } + }, + "revision": { + "type": "string" + }, + "defaultRevision": { + "type": "string" + }, + "compatibilityVersion": { + "type": "string" + }, + "profile": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "pilot": { + "type": "object" + }, + "runAsRoot": { + "type": "boolean" + }, + "unprivilegedPort": { + "type": [ + "string", + "boolean" + ], + "enum": [ + true, + false, + "auto" + ] + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "selectorLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "externalTrafficPolicy": { + "type": "string" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "type": "array" + }, + "ipFamilies": { + "items": { + "type": "string", + "enum": [ + "IPv4", + "IPv6" + ] + } + }, + "ipFamilyPolicy": { + "type": "string", + "enum": [ + "", + "SingleStack", + "PreferDualStack", + "RequireDualStack" + ] + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + }, + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + }, + "create": { + "type": "boolean" + } + } + }, + "rbac": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "networkGateway": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string", + "enum": [ + "", + "Always", + "IfNotPresent", + "Never" + ] + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": [ + "integer", + "string" + ] + }, + "maxUnavailable": { + "type": [ + "integer", + "string" + ] + }, + "unhealthyPodEvictionPolicy": { + "type": "string", + "enum": [ + "", + "IfHealthyBudget", + "AlwaysAllow" + ] + } + } + }, + "terminationGracePeriodSeconds": { + "type": "number" + }, + "volumes": { + "type": "array", + "items": { + "type": "object" + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object" + } + }, + "initContainers": { + "type": "array", + "items": { "type": "object" } + }, + "additionalContainers": { + "type": "array", + "items": { "type": "object" } + }, + "priorityClassName": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object" + }, + "preStop": { + "type": "object" + } + } + } + } + } + }, + "defaults": { + "$ref": "#/$defs/values" + }, + "$ref": "#/$defs/values" +} diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/values.yaml b/resources/v1.28.3/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/values.yaml rename to resources/v1.28.3/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/Chart.yaml b/resources/v1.28.3/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/Chart.yaml rename to resources/v1.28.3/charts/istiod/Chart.yaml index d046ac0dc..c1e322211 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/istiod/Chart.yaml +++ b/resources/v1.28.3/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +appVersion: 1.28.3 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +version: 1.28.3 diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/README.md b/resources/v1.28.3/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/README.md rename to resources/v1.28.3/charts/istiod/README.md diff --git a/resources/v1.28.3/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.28.3/charts/istiod/files/gateway-injection-template.yaml new file mode 100644 index 000000000..bc15ee3c3 --- /dev/null +++ b/resources/v1.28.3/charts/istiod/files/gateway-injection-template.yaml @@ -0,0 +1,274 @@ +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: + istio.io/rev: {{ .Revision | default "default" | quote }} + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" + {{- end }} + {{- end }} +spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 4 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- end }} + securityContext: + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-agent.yaml b/resources/v1.28.3/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-agent.yaml rename to resources/v1.28.3/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-simple.yaml b/resources/v1.28.3/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/grpc-simple.yaml rename to resources/v1.28.3/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.28.3/charts/istiod/files/injection-template.yaml b/resources/v1.28.3/charts/istiod/files/injection-template.yaml new file mode 100644 index 000000000..ba656bd7f --- /dev/null +++ b/resources/v1.28.3/charts/istiod/files/injection-template.yaml @@ -0,0 +1,549 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} +{{ $capNetBindService := (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) }} +{{ $nativeSidecar := ne (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar` | default (printf "%t" .NativeSidecars)) "false" }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} + {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} + networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} + {{- end }} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} +{{- if .Values.pilot.cni.enabled }} + {{- if eq .Values.pilot.cni.provider "multus" }} + k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', + {{- end }} + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} + traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", + {{- end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} +{{- end }} + } +spec: + {{- $holdProxy := and + (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) + (not $nativeSidecar) }} + {{- $noInitContainer := and + (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) + (not $nativeSidecar) }} + {{ if $noInitContainer }} + initContainers: [] + {{ else -}} + initContainers: + {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} + {{ if .Values.pilot.cni.enabled -}} + - name: istio-validation + {{ else -}} + - name: istio-init + {{ end -}} + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + args: + - istio-iptables + - "-p" + - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} + - "-z" + - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} + - "-u" + - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} + - "-m" + - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + - "-i" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + - "-x" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + - "-b" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" + - "-d" + {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} + - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{- else }} + - "15090,15021" + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} + - "-q" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" + {{ end -}} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} + - "-o" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" + {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} + - "-c" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" + {{ end -}} + - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" + {{ if .Values.global.logAsJson -}} + - "--log_as_json" + {{ end -}} + {{ if .Values.pilot.cni.enabled -}} + - "--run-validation" + - "--skip-rule-apply" + {{ else if .Values.global.proxy_init.forceApplyIptables -}} + - "--force-apply" + {{ end -}} + {{ if .Values.global.nativeNftables -}} + - "--native-nftables" + {{ end -}} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{- if .ProxyConfig.ProxyMetadata }} + env: + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + resources: + {{ template "resources" . }} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + privileged: {{ .Values.global.proxy.privileged }} + capabilities: + {{- if not .Values.pilot.cni.enabled }} + add: + - NET_ADMIN + - NET_RAW + {{- end }} + drop: + - ALL + {{- if not .Values.pilot.cni.enabled }} + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{- else }} + readOnlyRootFilesystem: true + runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} + runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} + runAsNonRoot: true + {{- end }} + {{- if .Values.global.proxy.seccompProfile }} + seccompProfile: + {{- toYaml .Values.global.proxy.seccompProfile | nindent 8 }} + {{- end }} + {{ end -}} + {{ end -}} + {{ if not $nativeSidecar }} + containers: + {{ end }} + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{ if $nativeSidecar }}restartPolicy: Always{{end}} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- else if $holdProxy }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + {{- else if $nativeSidecar }} + {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} + lifecycle: + preStop: + exec: + command: + - pilot-agent + - request + - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} + - POST + - drain + {{- end }} + env: + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ . }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + {{ if .Values.global.proxy.startupProbe.enabled }} + startupProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: 0 + periodSeconds: 1 + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} + {{ end }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + securityContext: + {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} + allowPrivilegeEscalation: true + capabilities: + add: + - NET_ADMIN + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: false + runAsUser: 0 + {{- else }} + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + capabilities: + {{ if or $tproxy $capNetBindService -}} + add: + {{ if $tproxy -}} + - NET_ADMIN + {{- end }} + {{ if $capNetBindService -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} + drop: + - ALL + privileged: {{ .Values.global.proxy.privileged }} + readOnlyRootFilesystem: true + {{ if or $tproxy $capNetBindService -}} + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 1337 + {{- else -}} + runAsNonRoot: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + {{- end }} + {{- end }} + {{- if .Values.global.proxy.seccompProfile }} + seccompProfile: + {{- toYaml .Values.global.proxy.seccompProfile | nindent 8 }} + {{- end }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/istio/crl + name: istio-ca-crl + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} + name: lightstep-certs + readOnly: true + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} + volumes: + - emptyDir: + name: workload-socket + - emptyDir: + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + - name: istio-ca-crl + configMap: + name: istio-ca-crl + optional: true + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - name: lightstep-certs + secret: + optional: true + secretName: lightstep.cacert + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.28.3/charts/istiod/files/kube-gateway.yaml b/resources/v1.28.3/charts/istiod/files/kube-gateway.yaml new file mode 100644 index 000000000..8a34ea8a8 --- /dev/null +++ b/resources/v1.28.3/charts/istiod/files/kube-gateway.yaml @@ -0,0 +1,407 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": {{.Name}} + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 8 }} + spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 8 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- if .Values.gateways.seccompProfile }} + seccompProfile: + {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} + {{- end }} + {{- end }} + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{- if .Values.global.proxy.resources }} + resources: + {{- toYaml .Values.global.proxy.resources | nindent 10 }} + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + securityContext: + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: true + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} + {{- end }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: "[]" + - name: ISTIO_META_APP_CONTAINERS + value: "" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} + - name: ISTIO_META_NETWORK + value: {{.|quote}} + {{- end }} + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName|quote}} + - name: ISTIO_META_OWNER + value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- with (index .InfrastructureLabels "topology.istio.io/network") }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: {{.|quote}} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: {{.UID}} +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": {{.Name}} + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-ambient.yaml b/resources/v1.28.3/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-ambient.yaml rename to resources/v1.28.3/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..d04117bfc --- /dev/null +++ b/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..8fe80112b --- /dev/null +++ b/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 000000000..209157ccc --- /dev/null +++ b/resources/v1.28.3/charts/istiod/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-demo.yaml b/resources/v1.28.3/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-demo.yaml rename to resources/v1.28.3/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.28.3/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.28.3/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.28.3/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.28.3/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.28.3/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.28.3/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.28.3/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.28.3/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.28.3/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.28.3/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.28.3/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.28.3/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-preview.yaml b/resources/v1.28.3/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-preview.yaml rename to resources/v1.28.3/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-remote.yaml b/resources/v1.28.3/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-remote.yaml rename to resources/v1.28.3/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-stable.yaml b/resources/v1.28.3/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-stable.yaml rename to resources/v1.28.3/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.28.3/charts/istiod/files/waypoint.yaml b/resources/v1.28.3/charts/istiod/files/waypoint.yaml new file mode 100644 index 000000000..7feed59a3 --- /dev/null +++ b/resources/v1.28.3/charts/istiod/files/waypoint.yaml @@ -0,0 +1,405 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": "{{.Name}}" + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "istio.io/dataplane-mode" "none" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 8}} + spec: + {{- if .Values.global.waypoint.affinity }} + affinity: + {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.nodeSelector }} + nodeSelector: + {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.tolerations }} + tolerations: + {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} + {{- end }} + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + args: + - proxy + - waypoint + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --serviceCluster + - {{.ServiceAccount}}.$(POD_NAMESPACE) + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + env: + - name: ISTIO_META_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + {{- if .ProxyConfig.ProxyMetadata }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} + {{- if $network }} + - name: ISTIO_META_NETWORK + value: "{{ $network }}" + {{- if eq .ControllerLabel "istio.io-eastwest-controller" }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: "{{ $network }}" + {{- end }} + {{- end }} + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName}} + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if .Values.global.waypoint.resources }} + resources: + {{- toYaml .Values.global.waypoint.resources | nindent 10 }} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + privileged: false + {{- if not (eq .Values.global.platform "openshift") }} + runAsGroup: 1337 + runAsUser: 1337 + {{- end }} + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.gateways.seccompProfile }} + seccompProfile: +{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} +{{- end }} + volumeMounts: + - mountPath: /var/run/secrets/workload-spiffe-uds + name: workload-socket + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/lib/istio/data + name: istio-data + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /etc/istio/pod + name: istio-podinfo + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: + medium: Memory + name: istio-envoy + - emptyDir: + medium: Memory + name: go-proxy-envoy + - emptyDir: {} + name: istio-data + - emptyDir: {} + name: go-proxy-data + - downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - fieldRef: + fieldPath: metadata.annotations + path: annotations + name: istio-podinfo + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap + (strdict "networking.istio.io/traffic-distribution" "PreferClose") + (omit .InfrastructureAnnotations + "kubectl.kubernetes.io/last-applied-configuration" + "gateway.istio.io/name-override" + "gateway.istio.io/service-account" + "gateway.istio.io/controller-version" + ) | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": "{{.Name}}" + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.networking.k8s.io/gateway-class-name" .GatewayClass + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/NOTES.txt b/resources/v1.28.3/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/NOTES.txt rename to resources/v1.28.3/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/_helpers.tpl b/resources/v1.28.3/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/_helpers.tpl rename to resources/v1.28.3/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/autoscale.yaml b/resources/v1.28.3/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/autoscale.yaml rename to resources/v1.28.3/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrole.yaml b/resources/v1.28.3/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrole.yaml rename to resources/v1.28.3/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.28.3/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.28.3/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.28.3/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.28.3/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-values.yaml b/resources/v1.28.3/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap-values.yaml rename to resources/v1.28.3/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap.yaml b/resources/v1.28.3/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/configmap.yaml rename to resources/v1.28.3/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.28.3/charts/istiod/templates/deployment.yaml b/resources/v1.28.3/charts/istiod/templates/deployment.yaml new file mode 100644 index 000000000..15107e745 --- /dev/null +++ b/resources/v1.28.3/charts/istiod/templates/deployment.yaml @@ -0,0 +1,314 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- range $key, $val := .Values.deploymentLabels }} + {{ $key }}: "{{ $val }}" +{{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: +{{ toYaml .Values.deploymentAnnotations | indent 4 }} + {{- end }} +spec: +{{- if not .Values.autoscaleEnabled }} +{{- if .Values.replicaCount }} + replicas: {{ .Values.replicaCount }} +{{- end }} +{{- end }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.rollingMaxSurge }} + maxUnavailable: {{ .Values.rollingMaxUnavailable }} + selector: + matchLabels: + {{- if ne .Values.revision "" }} + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + {{- else }} + istio: pilot + {{- end }} + template: + metadata: + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + sidecar.istio.io/inject: "false" + operator.istio.io/component: "Pilot" + {{- if ne .Values.revision "" }} + istio: istiod + {{- else }} + istio: pilot + {{- end }} + {{- range $key, $val := .Values.podLabels }} + {{ $key }}: "{{ $val }}" + {{- end }} + istio.io/dataplane-mode: none + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 8 }} + annotations: + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{- toYaml . | nindent 8 }} +{{- end }} + tolerations: + - key: cni.istio.io/not-ready + operator: "Exists" +{{- with .Values.tolerations }} +{{- toYaml . | nindent 8 }} +{{- end }} +{{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{- toYaml . | nindent 8 }} +{{- end }} + serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: "{{ .Values.global.priorityClassName }}" +{{- end }} +{{- with .Values.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} +{{- end }} + containers: + - name: discovery +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" +{{- end }} +{{- if .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} +{{- end }} + args: + - "discovery" + - --monitoringAddr=:15014 +{{- if .Values.global.logging.level }} + - --log_output_level={{ .Values.global.logging.level }} +{{- end}} +{{- if .Values.global.logAsJson }} + - --log_as_json +{{- end }} + - --domain + - {{ .Values.global.proxy.clusterDomain }} +{{- if .Values.taint.namespace }} + - --cniNamespace={{ .Values.taint.namespace }} +{{- end }} + - --keepaliveMaxServerConnectionAge + - "{{ .Values.keepaliveMaxServerConnectionAge }}" +{{- if .Values.extraContainerArgs }} + {{- with .Values.extraContainerArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- end }} + ports: + - containerPort: 8080 + protocol: TCP + name: http-debug + - containerPort: 15010 + protocol: TCP + name: grpc-xds + - containerPort: 15012 + protocol: TCP + name: tls-xds + - containerPort: 15017 + protocol: TCP + name: https-webhooks + - containerPort: 15014 + protocol: TCP + name: http-monitoring + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 1 + periodSeconds: 3 + timeoutSeconds: 5 + env: + - name: REVISION + value: "{{ .Values.revision | default `default` }}" + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.serviceAccountName + - name: KUBECONFIG + value: /var/run/secrets/remote/config + # If you explicitly told us where ztunnel lives, use that. + # Otherwise, assume it lives in our namespace + # Also, check for an explicit ENV override (legacy approach) and prefer that + # if present + {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} + {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} + {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} + - name: CA_TRUSTED_NODE_ACCOUNTS + value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" + {{- end }} + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- if .Values.traceSampling }} + - name: PILOT_TRACE_SAMPLING + value: "{{ .Values.traceSampling }}" +{{- end }} +# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then +# don't set it here to avoid duplication. +# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 +{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} + - name: EXTERNAL_ISTIOD + value: "{{ .Values.global.externalIstiod }}" +{{- end }} +{{- if .Values.global.trustBundleName }} + - name: PILOT_CA_CERT_CONFIGMAP + value: "{{ .Values.global.trustBundleName }}" +{{- end }} + - name: PILOT_ENABLE_ANALYSIS + value: "{{ .Values.global.istiod.enableAnalysis }}" + - name: CLUSTER_ID + value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: PLATFORM + value: "{{ coalesce .Values.global.platform .Values.platform }}" + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + volumeMounts: + - name: istio-token + mountPath: /var/run/secrets/tokens + readOnly: true + - name: local-certs + mountPath: /var/run/secrets/istio-dns + - name: cacerts + mountPath: /etc/cacerts + readOnly: true + - name: istio-kubeconfig + mountPath: /var/run/secrets/remote + readOnly: true + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + mountPath: /cacerts + {{- end }} + - name: istio-csr-dns-cert + mountPath: /var/run/secrets/istiod/tls + readOnly: true + - name: istio-csr-ca-configmap + mountPath: /var/run/secrets/istiod/ca + readOnly: true + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + # Technically not needed on this pod - but it helps debugging/testing SDS + # Should be removed after everything works. + - emptyDir: + medium: Memory + name: local-certs + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: {{ .Values.global.sds.token.aud }} + expirationSeconds: 43200 + path: istio-token + # Optional: user-generated root + - name: cacerts + secret: + secretName: cacerts + optional: true + - name: istio-kubeconfig + secret: + secretName: istio-kubeconfig + optional: true + # Optional: istio-csr dns pilot certs + - name: istio-csr-dns-cert + secret: + secretName: istiod-tls + optional: true + - name: istio-csr-ca-configmap + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + optional: true + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + defaultMode: 420 + optional: true + {{- end }} + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + configMap: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + +--- +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.28.3/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.28.3/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.28.3/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.28.3/charts/istiod/templates/istiod-injector-configmap.yaml new file mode 100644 index 000000000..a5a6cf9ae --- /dev/null +++ b/resources/v1.28.3/charts/istiod/templates/istiod-injector-configmap.yaml @@ -0,0 +1,83 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if not .Values.global.omitSidecarInjectorConfigMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: +{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} + values: |- +{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} +{{ $pilotVals := pick .Values "cni" "env" -}} +{{ $vals = set $vals "pilot" $pilotVals -}} +{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} +{{ $vals = set $vals "gateways" $gatewayVals -}} +{{ $vals | toPrettyJson | indent 4 }} + + # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching + # and istiod webhook functionality. + # + # New fields should not use Values - it is a 'primary' config object, users should be able + # to fine tune it or use it with kube-inject. + config: |- + # defaultTemplates defines the default template to use for pods that do not explicitly specify a template + {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} + defaultTemplates: +{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} + - {{ . }} +{{- end }} + {{- else }} + defaultTemplates: [sidecar] + {{- end }} + policy: {{ .Values.global.proxy.autoInject }} + alwaysInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} + neverInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} + injectedAnnotations: + {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} + "{{ $key }}": {{ $val | quote }} + {{- end }} + {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template + which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". + This should make it obvious that their installation is broken. + */}} + template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} + templates: +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} + sidecar: | +{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} + gateway: | +{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} + grpc-simple: | +{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} + grpc-agent: | +{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} + waypoint: | +{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} + kube-gateway: | +{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} +{{- end }} +{{- with .Values.sidecarInjectorWebhook.templates }} +{{ toYaml . | trim | indent 6 }} +{{- end }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.28.3/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.28.3/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/networkpolicy.yaml b/resources/v1.28.3/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.28.3/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.28.3/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.28.3/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.28.3/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.28.3/charts/istiod/templates/reader-clusterrole.yaml new file mode 100644 index 000000000..e0b0ff42a --- /dev/null +++ b/resources/v1.28.3/charts/istiod/templates/reader-clusterrole.yaml @@ -0,0 +1,65 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: + - "config.istio.io" + - "security.istio.io" + - "networking.istio.io" + - "authentication.istio.io" + - "rbac.istio.io" + - "telemetry.istio.io" + - "extensions.istio.io" + resources: ["*"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["gateways"] + verbs: ["get", "watch", "list"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +{{- if .Values.istiodRemote.enabled }} + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] +{{- end}} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.28.3/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.28.3/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.28.3/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.28.3/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.28.3/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.28.3/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.28.3/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.28.3/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.28.3/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.28.3/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/role.yaml b/resources/v1.28.3/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/role.yaml rename to resources/v1.28.3/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/rolebinding.yaml b/resources/v1.28.3/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/rolebinding.yaml rename to resources/v1.28.3/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/service.yaml b/resources/v1.28.3/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/service.yaml rename to resources/v1.28.3/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/serviceaccount.yaml b/resources/v1.28.3/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.28.3/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.28.3/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.28.3/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.28.3/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.28.3/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.28.3/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.28.3/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzz_profile.yaml b/resources/v1.28.3/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.28.3/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.28.3/charts/istiod/values.yaml b/resources/v1.28.3/charts/istiod/values.yaml new file mode 100644 index 000000000..875383ea2 --- /dev/null +++ b/resources/v1.28.3/charts/istiod/values.yaml @@ -0,0 +1,583 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.28.3 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + # When enabled, default NetworkPolicy resources will be created + networkPolicy: + enabled: false + + omitSidecarInjectorConfigMap: false + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + seccompProfile: {} + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/Chart.yaml b/resources/v1.28.3/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/Chart.yaml rename to resources/v1.28.3/charts/revisiontags/Chart.yaml index b727003e4..a7e92aab5 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/Chart.yaml +++ b/resources/v1.28.3/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +appVersion: 1.28.3 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..d04117bfc --- /dev/null +++ b/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..8fe80112b --- /dev/null +++ b/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 000000000..209157ccc --- /dev/null +++ b/resources/v1.28.3/charts/revisiontags/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-demo.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-preview.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-remote.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-stable.yaml b/resources/v1.28.3/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.28.3/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.28.3/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.28.3/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.28.3/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.28.3/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.28.3/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.28.3/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.28.3/charts/revisiontags/values.yaml b/resources/v1.28.3/charts/revisiontags/values.yaml new file mode 100644 index 000000000..875383ea2 --- /dev/null +++ b/resources/v1.28.3/charts/revisiontags/values.yaml @@ -0,0 +1,583 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.28.3 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + # When enabled, default NetworkPolicy resources will be created + networkPolicy: + enabled: false + + omitSidecarInjectorConfigMap: false + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + seccompProfile: {} + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/Chart.yaml b/resources/v1.28.3/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/Chart.yaml rename to resources/v1.28.3/charts/ztunnel/Chart.yaml index 967fa215e..d09d91961 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/Chart.yaml +++ b/resources/v1.28.3/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +appVersion: 1.28.3 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 +version: 1.28.3 diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/README.md b/resources/v1.28.3/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/README.md rename to resources/v1.28.3/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..d04117bfc --- /dev/null +++ b/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,14 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..8fe80112b --- /dev/null +++ b/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.27.yaml new file mode 100644 index 000000000..209157ccc --- /dev/null +++ b/resources/v1.28.3/charts/ztunnel/files/profile-compatibility-version-1.27.yaml @@ -0,0 +1,9 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.28 behavioral changes + DISABLE_SHADOW_HOST_SUFFIX: "false" + PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY: "false" diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-demo.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-preview.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-remote.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-stable.yaml b/resources/v1.28.3/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.28.3/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/NOTES.txt b/resources/v1.28.3/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/NOTES.txt rename to resources/v1.28.3/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/_helpers.tpl b/resources/v1.28.3/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.28.3/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.28.3/charts/ztunnel/templates/daemonset.yaml b/resources/v1.28.3/charts/ztunnel/templates/daemonset.yaml new file mode 100644 index 000000000..b10e99cfa --- /dev/null +++ b/resources/v1.28.3/charts/ztunnel/templates/daemonset.yaml @@ -0,0 +1,212 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "namespace") }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +spec: + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + app: ztunnel + template: + metadata: + labels: + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app: ztunnel + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 8}} +{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} + annotations: + sidecar.istio.io/inject: "false" +{{- if .Values.revision }} + istio.io/rev: {{ .Values.revision }} +{{- end }} +{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} + spec: + nodeSelector: + kubernetes.io/os: linux +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | trim | indent 8 }} +{{- end }} + serviceAccountName: {{ include "ztunnel.release-name" . }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | trim | indent 8 }} +{{- end }} + containers: + - name: istio-proxy +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" +{{- end }} + ports: + - containerPort: 15020 + name: ztunnel-stats + protocol: TCP + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 10 }} +{{- end }} +{{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} +{{- end }} + securityContext: + # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true + # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 + allowPrivilegeEscalation: true + privileged: false + capabilities: + drop: + - ALL + add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html + - NET_ADMIN # Required for TPROXY and setsockopt + - SYS_ADMIN # Required for `setns` - doing things in other netns + - NET_RAW # Required for RAW/PACKET sockets, TPROXY + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: false + runAsUser: 0 +{{- if .Values.seLinuxOptions }} + seLinuxOptions: +{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} +{{- end }} + readinessProbe: + httpGet: + port: 15021 + path: /healthz/ready + args: + - proxy + - ztunnel + env: + - name: CA_ADDRESS + {{- if .Values.caAddress }} + value: {{ .Values.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + - name: XDS_ADDRESS + {{- if .Values.xdsAddress }} + value: {{ .Values.xdsAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + {{- if .Values.logAsJson }} + - name: LOG_FORMAT + value: json + {{- end}} + {{- if .Values.network }} + - name: NETWORK + value: {{ .Values.network | quote }} + {{- end }} + - name: RUST_LOG + value: {{ .Values.logLevel | quote }} + - name: RUST_BACKTRACE + value: "1" + - name: ISTIO_META_CLUSTER_ID + value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} + - name: INPOD_ENABLED + value: "true" + - name: TERMINATION_GRACE_PERIOD_SECONDS + value: "{{ .Values.terminationGracePeriodSeconds }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} + {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: ZTUNNEL_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- with .Values.env }} + {{- range $key, $val := . }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + - mountPath: /tmp + name: tmp + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + volumes: + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: istio-ca + - name: istiod-ca-cert + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. + # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one + - name: tmp + emptyDir: {} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/rbac.yaml b/resources/v1.28.3/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/rbac.yaml rename to resources/v1.28.3/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.28.3/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.28.3/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.28.3/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.28.3/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.28.3/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.28.3/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.28.3/charts/ztunnel/values.yaml b/resources/v1.28.3/charts/ztunnel/values.yaml new file mode 100644 index 000000000..873922159 --- /dev/null +++ b/resources/v1.28.3/charts/ztunnel/values.yaml @@ -0,0 +1,136 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Hub to pull from. Image will be `Hub/Image:Tag-Variant` + hub: gcr.io/istio-release + # Tag to pull from. Image will be `Hub/Image:Tag-Variant` + tag: 1.28.3 + # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. + variant: "" + + # Image name to pull from. Image will be `Hub/Image:Tag-Variant` + # If Image contains a "/", it will replace the entire `image` in the pod. + image: ztunnel + + # Same as `global.network`, but will override it if set. + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. + # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. + resourceName: "" + + # Labels to apply to all top level resources + labels: {} + # Annotations to apply to all top level resources + annotations: {} + + # Additional volumeMounts to the ztunnel container + volumeMounts: [] + + # Additional volumes to the ztunnel pod + volumes: [] + + # Tolerations for the ztunnel pod + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + + # Additional labels to apply on the pod level + podLabels: {} + + # Pod resource configuration + resources: + requests: + cpu: 200m + # Ztunnel memory scales with the size of the cluster and traffic load + # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. + memory: 512Mi + + resourceQuotas: + enabled: false + pods: 5000 + + # List of secret names to add to the service account as image pull secrets + imagePullSecrets: [] + + # A `key: value` mapping of environment variables to add to the pod + env: {} + + # Override for the pod imagePullPolicy + imagePullPolicy: "" + + # Settings for multicluster + multiCluster: + # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent + # with Istiod configuration. + clusterName: "" + + # meshConfig defines runtime configuration of components. + # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other + # components. + # TODO: https://github.com/istio/istio/issues/43248 + meshConfig: + defaultConfig: + proxyMetadata: {} + + # This value defines: + # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) + # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) + # Default K8S value is 30 seconds + terminationGracePeriodSeconds: 30 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. + revision: "" + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + caAddress: "" + + # The customized XDS address to retrieve configuration. + # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. + # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 + xdsAddress: "" + + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. + istioNamespace: istio-system + + # Configuration log level of ztunnel binary, default is info. + # Valid values are: trace, debug, info, warn, error + logLevel: info + + # To output all logs in json format + logAsJson: false + + # Set to `type: RuntimeDefault` to use the default profile if available. + seLinuxOptions: {} + # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead + #seLinuxOptions: + # type: spc_t + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 diff --git a/resources/v1.28.3/cni-1.28.3.tgz.etag b/resources/v1.28.3/cni-1.28.3.tgz.etag new file mode 100644 index 000000000..45b88f41b --- /dev/null +++ b/resources/v1.28.3/cni-1.28.3.tgz.etag @@ -0,0 +1 @@ +2fdce22e41dcf85b354a52ac22b38545 diff --git a/resources/v1.28.3/commit b/resources/v1.28.3/commit new file mode 100644 index 000000000..ac786b645 --- /dev/null +++ b/resources/v1.28.3/commit @@ -0,0 +1 @@ +1.28.3 diff --git a/resources/v1.28.3/gateway-1.28.3.tgz.etag b/resources/v1.28.3/gateway-1.28.3.tgz.etag new file mode 100644 index 000000000..6d1418137 --- /dev/null +++ b/resources/v1.28.3/gateway-1.28.3.tgz.etag @@ -0,0 +1 @@ +87531546798e63fea2011e05bf043b92 diff --git a/resources/v1.28.3/istiod-1.28.3.tgz.etag b/resources/v1.28.3/istiod-1.28.3.tgz.etag new file mode 100644 index 000000000..a2304b67b --- /dev/null +++ b/resources/v1.28.3/istiod-1.28.3.tgz.etag @@ -0,0 +1 @@ +80b4ccabd73127664f7e5eb5ee7ae6c9 diff --git a/resources/v1.30-alpha.4d7a765c/profiles/ambient.yaml b/resources/v1.28.3/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/ambient.yaml rename to resources/v1.28.3/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/default.yaml b/resources/v1.28.3/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/default.yaml rename to resources/v1.28.3/profiles/default.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/demo.yaml b/resources/v1.28.3/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/demo.yaml rename to resources/v1.28.3/profiles/demo.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/empty.yaml b/resources/v1.28.3/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/empty.yaml rename to resources/v1.28.3/profiles/empty.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/openshift-ambient.yaml b/resources/v1.28.3/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/openshift-ambient.yaml rename to resources/v1.28.3/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/openshift.yaml b/resources/v1.28.3/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/openshift.yaml rename to resources/v1.28.3/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/preview.yaml b/resources/v1.28.3/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/preview.yaml rename to resources/v1.28.3/profiles/preview.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/remote.yaml b/resources/v1.28.3/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/remote.yaml rename to resources/v1.28.3/profiles/remote.yaml diff --git a/resources/v1.30-alpha.4d7a765c/profiles/stable.yaml b/resources/v1.28.3/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/profiles/stable.yaml rename to resources/v1.28.3/profiles/stable.yaml diff --git a/resources/v1.28.3/ztunnel-1.28.3.tgz.etag b/resources/v1.28.3/ztunnel-1.28.3.tgz.etag new file mode 100644 index 000000000..c12377522 --- /dev/null +++ b/resources/v1.28.3/ztunnel-1.28.3.tgz.etag @@ -0,0 +1 @@ +f1b915596d91081396743c9ab367bdf0 diff --git a/resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag deleted file mode 100644 index 85334ecd1..000000000 --- a/resources/v1.30-alpha.4d7a765c/base-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -283d611e14bd90c04e8f8d9c69540d40 diff --git a/resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag deleted file mode 100644 index ea7eaaa42..000000000 --- a/resources/v1.30-alpha.4d7a765c/cni-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -6b939885527922016788785fbfe7da24 diff --git a/resources/v1.30-alpha.4d7a765c/commit b/resources/v1.30-alpha.4d7a765c/commit deleted file mode 100644 index 721d81ee2..000000000 --- a/resources/v1.30-alpha.4d7a765c/commit +++ /dev/null @@ -1 +0,0 @@ -4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 diff --git a/resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag deleted file mode 100644 index 0f444fa27..000000000 --- a/resources/v1.30-alpha.4d7a765c/gateway-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -b70d32150167b3535875943d7c49a0f2 diff --git a/resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag deleted file mode 100644 index f3cf30bf1..000000000 --- a/resources/v1.30-alpha.4d7a765c/istiod-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -7e66f963be0cc5475febc19e0b8de31e diff --git a/resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag b/resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag deleted file mode 100644 index 6c5c9a8ee..000000000 --- a/resources/v1.30-alpha.4d7a765c/ztunnel-1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -7aebb7ed2739fd7d3d33c3fe8ec8ced7 diff --git a/resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag new file mode 100644 index 000000000..384d307b2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag @@ -0,0 +1 @@ +ef28ce92284285af18772f29ced1cbb6 diff --git a/resources/v1.30-alpha.941c7435/charts/base/Chart.yaml b/resources/v1.30-alpha.941c7435/charts/base/Chart.yaml new file mode 100644 index 000000000..4adcc033b --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +description: Helm chart for deploying Istio cluster resources and CRDs +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +name: base +sources: +- https://github.com/istio/istio +version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 diff --git a/resources/v1.30-alpha.941c7435/charts/base/README.md b/resources/v1.30-alpha.941c7435/charts/base/README.md new file mode 100644 index 000000000..ae8f6d5b0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/README.md @@ -0,0 +1,35 @@ +# Istio base Helm Chart + +This chart installs resources shared by all Istio revisions. This includes Istio CRDs. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-base`: + +```console +kubectl create namespace istio-system +helm install istio-base istio/base -n istio-system +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.941c7435/charts/base/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.941c7435/charts/base/templates/NOTES.txt new file mode 100644 index 000000000..f12616f57 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/templates/NOTES.txt @@ -0,0 +1,5 @@ +Istio base successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml new file mode 100644 index 000000000..30049df98 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml @@ -0,0 +1,55 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-default-policy.istio.io" + labels: + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-default-policy-binding.istio.io" +spec: + policyName: "stable-channel-default-policy.istio.io" + validationActions: [Deny] +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..dcd16e964 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml @@ -0,0 +1,58 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if not (eq .Values.defaultRevision "") }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istiod-default-validator + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + - name: validation.istio.io + clientConfig: + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + {{- if (eq .Values.defaultRevision "default") }} + name: istiod + {{- else }} + name: istiod-{{ .Values.defaultRevision }} + {{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.941c7435/charts/base/templates/reader-serviceaccount.yaml new file mode 100644 index 000000000..bb7a74ff4 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/templates/reader-serviceaccount.yaml @@ -0,0 +1,22 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# This singleton service account aggregates reader permissions for the revisions in a given cluster +# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, +# as otherwise compromising the token for this SA would give you access to *every* installed revision. +# Should be used for remote secret creation. +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.941c7435/charts/base/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.941c7435/charts/base/values.yaml b/resources/v1.30-alpha.941c7435/charts/base/values.yaml new file mode 100644 index 000000000..8353c57d6 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/base/values.yaml @@ -0,0 +1,45 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + global: + + # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + + # Used to locate istiod. + istioNamespace: istio-system + + # resourceScope controls what resources will be processed by helm. + # This is useful when installing Istio on a cluster where some resources need to be owned by a cluster administrator and some can be owned by the mesh administrator. + # It can be one of: + # - all: all resources are processed + # - cluster: only cluster-scoped resources are processed + # - namespace: only namespace-scoped resources are processed + resourceScope: all + base: + # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. + # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. + # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. + excludedCRDs: [] + # Helm (as of V3) does not support upgrading CRDs, because it is not universally + # safe for them to support this. + # Istio as a project enforces certain backwards-compat guarantees that allow us + # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs + # as standard K8S resources in Helm, and disable Helm's CRD management. See also: + # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts + enableCRDTemplates: true + + # Validation webhook configuration url + # For example: https://$remotePilotAddress:15017/validate + validationURL: "" + # Validation webhook caBundle value. Useful when running pilot with a well known cert + validationCABundle: "" + + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + defaultRevision: "default" + experimental: + stableValidationPolicy: false diff --git a/resources/v1.30-alpha.941c7435/charts/cni/Chart.yaml b/resources/v1.30-alpha.941c7435/charts/cni/Chart.yaml new file mode 100644 index 000000000..2f5562424 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +description: Helm chart for istio-cni components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-cni +- istio +name: cni +sources: +- https://github.com/istio/istio +version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 diff --git a/resources/v1.30-alpha.941c7435/charts/cni/README.md b/resources/v1.30-alpha.941c7435/charts/cni/README.md new file mode 100644 index 000000000..f7e5cbd37 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/README.md @@ -0,0 +1,65 @@ +# Istio CNI Helm Chart + +This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) +for more information. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-cni`: + +```console +helm install istio-cni istio/cni -n kube-system +``` + +Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) +`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow +'system-node-critical' outside of kube-system. + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/istio-cni +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Ambient + +To enable ambient, you can use the ambient profile: `--set profile=ambient`. + +#### Calico + +For Calico, you must also modify the settings to allow source spoofing: + +- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` +- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) + +### GKE notes + +On GKE, 'kube-system' is required. + +If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` +it is auto-detected. diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.941c7435/charts/cni/templates/NOTES.txt new file mode 100644 index 000000000..fb35525b9 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/NOTES.txt @@ -0,0 +1,5 @@ +"{{ .Release.Name }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.941c7435/charts/cni/templates/_helpers.tpl new file mode 100644 index 000000000..73cc17b2f --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{- define "name" -}} + istio-cni +{{- end }} + + +{{- define "istio-tag" -}} + {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrole.yaml new file mode 100644 index 000000000..51af4ce7f --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrole.yaml @@ -0,0 +1,84 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +- apiGroups: [""] + resources: ["pods","nodes","namespaces"] + verbs: ["get", "list", "watch"] +{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{{- end }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-repair-role + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["watch", "get", "list"] +{{- if .Values.repair.repairPods }} +{{- /* No privileges needed*/}} +{{- else if .Values.repair.deletePods }} + - apiGroups: [""] + resources: ["pods"] + verbs: ["delete"] +{{- else if .Values.repair.labelPods }} + - apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +{{- end }} +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-ambient + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + resourceNames: ["{{ template "name" . }}-node"] + verbs: ["get"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..60e3c28be --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrolebinding.yaml @@ -0,0 +1,66 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-repair-rolebinding + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-repair-role +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-ambient + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-ambient +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/configmap-cni.yaml new file mode 100644 index 000000000..98bc60ac0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/configmap-cni.yaml @@ -0,0 +1,43 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "name" . }}-config + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +data: + CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} + AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} + AMBIENT_ENABLEMENT_SELECTOR: {{ .Values.ambient.enablementSelectors | toYaml | quote }} + AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} + AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} + AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} + {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values + CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. + {{- end }} + ISTIO_OWNED_CNI_CONFIG: {{ .Values.istioOwnedCNIConfig | quote }} + {{- if .Values.istioOwnedCNIConfig }} + ISTIO_OWNED_CNI_CONF_FILENAME: {{ .Values.istioOwnedCNIConfigFileName | quote }} + {{- end }} + CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} + EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" + REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} + REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} + REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} + REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} + REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} + REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} + REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} + NATIVE_NFTABLES: {{ .Values.global.nativeNftables | quote }} + {{- with .Values.env }} + {{- range $key, $val := . }} + {{ $key }}: "{{ $val }}" + {{- end }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.941c7435/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/network-attachment-definition.yaml new file mode 100644 index 000000000..37ef7c3e6 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/network-attachment-definition.yaml @@ -0,0 +1,13 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if eq .Values.provider "multus" }} +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: {{ template "name" . }} + namespace: default + labels: + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.941c7435/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/resourcequota.yaml new file mode 100644 index 000000000..2e0be5ab4 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/resourcequota.yaml @@ -0,0 +1,21 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ template "name" . }}-resource-quota + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/serviceaccount.yaml new file mode 100644 index 000000000..17c8e64a9 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/serviceaccount.yaml @@ -0,0 +1,20 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +apiVersion: v1 +kind: ServiceAccount +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +metadata: + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/zzy_descope_legacy.yaml new file mode 100644 index 000000000..a9584ac29 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.941c7435/charts/cni/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/cni/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.4d7a765c/charts/cni/values.yaml b/resources/v1.30-alpha.941c7435/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.4d7a765c/charts/cni/values.yaml rename to resources/v1.30-alpha.941c7435/charts/cni/values.yaml index 4d671e339..c8e42469f 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/cni/values.yaml +++ b/resources/v1.30-alpha.941c7435/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/Chart.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/Chart.yaml new file mode 100644 index 000000000..e554f98f6 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +description: Helm chart for deploying Istio gateways +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- gateways +name: gateway +sources: +- https://github.com/istio/istio +type: application +version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/README.md b/resources/v1.30-alpha.941c7435/charts/gateway/README.md new file mode 100644 index 000000000..6344859a2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/README.md @@ -0,0 +1,170 @@ +# Istio Gateway Helm Chart + +This chart installs an Istio gateway deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-ingressgateway`: + +```console +helm install istio-ingressgateway istio/gateway +``` + +## Uninstalling the Chart + +To uninstall/delete the `istio-ingressgateway` deployment: + +```console +helm delete istio-ingressgateway +``` + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/gateway +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### OpenShift + +When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: + +```console +helm install istio-ingressgateway istio/gateway --set profile=openshift +``` + +### `image: auto` Information + +The image used by the chart, `auto`, may be unintuitive. +This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). +This allows the same configurations and lifecycle to apply to gateways as sidecars. + +Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. +See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. + +### Examples + +#### Egress Gateway + +Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): + +```yaml +service: + # Egress gateways do not need an external LoadBalancer IP + type: ClusterIP +``` + +#### Multi-network/VM Gateway + +Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: + +```yaml +networkGateway: network-1 +``` + +### Migrating from other installation methods + +Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts +following the guidance below. +If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. + +WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. + +#### Legacy Gateway Helm charts + +Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. +These are replaced by this chart. +While not required, it is recommended all new users use this chart, and existing users migrate when possible. + +This chart has the following benefits and differences: +* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). +* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. +* Published to official Istio Helm repository. +* Single chart for all gateways (Ingress, Egress, East West). + +#### General concerns + +For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. + +If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: + +```yaml +app: istio-gateway +istio: gateway # the release name with leading istio- prefix stripped +``` + +If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels +`foo=bar,istio=ingressgateway`: + +```yaml +name: my-custom-gateway # Override the name to match existing resources +labels: + app: "" # Unset default app selector label + istio: ingressgateway # override default istio selector label + foo: bar # Add the existing custom selector label +``` + +#### Migrating an existing Helm release + +An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous +installation was done like: + +```console +helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system +``` + +It could be upgraded with + +```console +helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway +``` + +Note the name and labels are overridden to match the names of the existing installation. + +Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. +If you have AuthorizationPolicies that reference port these ports, you should update them during this process, +or customize the ports to match the old defaults. +See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. + +#### Other migrations + +If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. + +The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: + +```console +KINDS=(service deployment) +RELEASE=istio-ingressgateway +NAMESPACE=istio-system +for KIND in "${KINDS[@]}"; do + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE + kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm +done +``` + +You may ignore errors about resources not being found. diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.941c7435/charts/gateway/templates/NOTES.txt new file mode 100644 index 000000000..fd0142911 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/NOTES.txt @@ -0,0 +1,9 @@ +"{{ include "gateway.name" . }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: + * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ + * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.941c7435/charts/gateway/templates/_helpers.tpl new file mode 100644 index 000000000..e5a0a9b3c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{- define "gateway.name" -}} +{{- if eq .Release.Name "RELEASE-NAME" -}} + {{- .Values.name | default "istio-ingressgateway" -}} +{{- else -}} + {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} +{{- end -}} +{{- end }} + +{{- define "gateway.labels" -}} +{{ include "gateway.selectorLabels" . }} +{{- range $key, $val := .Values.labels }} +{{- if and (ne $key "app") (ne $key "istio") }} +{{ $key | quote }}: {{ $val | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "gateway.selectorLabels" -}} +app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} +istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} +{{- end }} + +{{/* +Keep sidecar injection labels together +https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy +*/}} +{{- define "gateway.sidecarInjectionLabels" -}} +sidecar.istio.io/inject: "true" +{{- with .Values.revision }} +istio.io/rev: {{ . | quote }} +{{- end }} +{{- end }} + +{{- define "gateway.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} +{{- else }} +{{- .Values.serviceAccount.name | default "default" }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/deployment.yaml new file mode 100644 index 000000000..1d8f93a47 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/deployment.yaml @@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: {{ .Values.kind | default "Deployment" }} +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} + replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} + {{- with .Values.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.minReadySeconds }} + minReadySeconds: {{ . }} + {{- end }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 8}} + {{- range $key, $val := .Values.labels }} + {{- if and (ne $key "app") (ne $key "istio") }} + {{ $key | quote }}: {{ $val | quote }} + {{- end }} + {{- end }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.serviceAccountName" . }} + securityContext: + {{- if .Values.securityContext }} + {{- toYaml .Values.securityContext | nindent 8 }} + {{- else }} + # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + {{- with .Values.volumes }} + volumes: + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: istio-proxy + # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection + image: auto + {{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} + {{- end }} + securityContext: + {{- if .Values.containerSecurityContext }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- else }} + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + {{- if not (eq (.Values.platform | default "") "openshift") }} + runAsUser: 1337 + runAsGroup: 1337 + {{- end }} + runAsNonRoot: true + {{- end }} + env: + {{- with .Values.networkGateway }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: "{{.}}" + {{- end }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.additionalContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/hpa.yaml new file mode 100644 index 000000000..64ecb6a4c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/hpa.yaml @@ -0,0 +1,40 @@ +{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: {{ .Values.kind | default "Deployment" }} + name: {{ include "gateway.name" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/networkpolicy.yaml new file mode 100644 index 000000000..ea2fab97b --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/networkpolicy.yaml @@ -0,0 +1,47 @@ +{{- if (.Values.global.networkPolicy).enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "gateway.name" . }}{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "gateway.name" . }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Gateway" + istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} + release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "gateway.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + policyTypes: + - Ingress + - Egress + ingress: + # Status/health check port + - from: [] + ports: + - protocol: TCP + port: 15021 + # Metrics endpoints for monitoring/prometheus + - from: [] + ports: + - protocol: TCP + port: 15020 + - protocol: TCP + port: 15090 + # Main gateway traffic ports +{{- if .Values.service.ports }} +{{- range .Values.service.ports }} + - from: [] + ports: + - protocol: {{ .protocol | default "TCP" }} + port: {{ .targetPort | default .port }} +{{- end }} +{{- end }} + egress: + # Allow all egress (gateways need to reach external services, istiod, and other cluster services) + - {} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..91869a0ea --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/poddisruptionbudget.yaml @@ -0,0 +1,21 @@ +{{- if .Values.podDisruptionBudget }} +# a workaround for https://github.com/kubernetes/kubernetes/issues/93476 +{{- if or (and .Values.autoscaling.enabled (gt (int .Values.autoscaling.minReplicas) 1)) (and (not .Values.autoscaling.enabled) (gt (int .Values.replicaCount) 1)) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} +spec: + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + {{- with .Values.podDisruptionBudget }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/role.yaml new file mode 100644 index 000000000..3d1607963 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/role.yaml @@ -0,0 +1,37 @@ +{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} +{{- if .Values.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "gateway.serviceAccountName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "gateway.serviceAccountName" . }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/service.yaml new file mode 100644 index 000000000..d172364d0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/service.yaml @@ -0,0 +1,78 @@ +{{- if not (eq .Values.service.type "None") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + annotations: + {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} +spec: +{{- with .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ . }}" +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} + {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} + {{- end }} + {{- if hasKey .Values.service "loadBalancerClass" }} + loadBalancerClass: {{ .Values.service.loadBalancerClass }} + {{- end }} +{{- end }} +{{- if .Values.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} +{{- end }} +{{- if .Values.service.ipFamilies }} + ipFamilies: +{{- range .Values.service.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +{{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: "{{ . }}" +{{- end }} +{{- with .Values.service.internalTrafficPolicy }} + internalTrafficPolicy: "{{ . }}" +{{- end }} + type: {{ .Values.service.type }} +{{- if not (eq .Values.service.clusterIP "") }} + clusterIP: {{ .Values.service.clusterIP }} +{{- end }} + ports: +{{- if .Values.networkGateway }} + - name: status-port + port: 15021 + targetPort: 15021 + - name: tls + port: 15443 + targetPort: 15443 + - name: tls-istiod + port: 15012 + targetPort: 15012 + - name: tls-webhook + port: 15017 + targetPort: 15017 +{{- else }} +{{ .Values.service.ports | toYaml | indent 4 }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: {{- range .Values.service.externalIPs }} + - {{.}} + {{- end }} +{{- end }} + selector: + {{- include "gateway.selectorLabels" . | nindent 4 }} + {{- with .Values.service.selectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/serviceaccount.yaml new file mode 100644 index 000000000..c88afeadd --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/templates/zzz_profile.yaml new file mode 100644 index 000000000..606c55669 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.4d7a765c/charts/gateway/values.schema.json b/resources/v1.30-alpha.941c7435/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/gateway/values.schema.json rename to resources/v1.30-alpha.941c7435/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/values.yaml b/resources/v1.30-alpha.941c7435/charts/gateway/values.yaml new file mode 100644 index 000000000..d463634ec --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/gateway/values.yaml @@ -0,0 +1,204 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Name allows overriding the release name. Generally this should not be set + name: "" + # revision declares which revision this gateway is a part of + revision: "" + + # Controls the spec.replicas setting for the Gateway deployment if set. + # Otherwise defaults to Kubernetes Deployment default (1). + replicaCount: + + kind: Deployment + + rbac: + # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed + # when using http://gateway-api.org/. + enabled: true + + serviceAccount: + # If set, a service account will be created. Otherwise, the default is used + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set, the release name is used + name: "" + + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + prometheus.io/path: "/stats/prometheus" + inject.istio.io/templates: "gateway" + sidecar.istio.io/inject: "true" + + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + containerSecurityContext: {} + + service: + # Type of service. Set to "None" to disable the service entirely + type: LoadBalancer + # Set to a specific ClusterIP, or "" for automatic assignment + clusterIP: "" + # Additional labels to add to the service selector + selectorLabels: {} + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + annotations: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + externalTrafficPolicy: "" + externalIPs: [] + ipFamilyPolicy: "" + ipFamilies: [] + ## Whether to automatically allocate NodePorts (only for LoadBalancers). + # allocateLoadBalancerNodePorts: false + ## Set LoadBalancer class (only for LoadBalancers). + # loadBalancerClass: "" + + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: {} + autoscaleBehavior: {} + + # Pod environment variables + env: {} + + # Use envVarFrom to define full environment variable entries with complex sources, + # such as valueFrom.secretKeyRef, valueFrom.configMapKeyRef. Each item must include a `name` and `valueFrom`. + # + # Example: + # envVarFrom: + # - name: EXAMPLE_SECRET + # valueFrom: + # secretKeyRef: + # name: example-name + # key: example-key + envVarFrom: [] + + # Deployment Update strategy + strategy: {} + + # Sets the Deployment minReadySeconds value + minReadySeconds: + + # Optionally configure a custom readinessProbe. By default the control plane + # automatically injects the readinessProbe. If you wish to override that + # behavior, you may define your own readinessProbe here. + readinessProbe: {} + + # Labels to apply to all resources + labels: + # By default, don't enroll gateways into the ambient dataplane + "istio.io/dataplane-mode": none + + # Annotations to apply to all resources + annotations: {} + + nodeSelector: {} + + tolerations: [] + + topologySpreadConstraints: [] + + affinity: {} + + # If specified, the gateway will act as a network gateway for the given network. + networkGateway: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent + imagePullPolicy: "" + + imagePullSecrets: [] + + # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. + # + # By default, the `podDisruptionBudget` is disabled (set to `{}`), + # which means that no PodDisruptionBudget resource will be created. + # + # The PodDisruptionBudget can be only enabled if autoscaling is enabled + # with minReplicas > 1 or if autoscaling is disabled but replicaCount > 1. + # + # To enable the PodDisruptionBudget, configure it by specifying the + # `minAvailable` or `maxUnavailable`. For example, to set the + # minimum number of available replicas to 1, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # + # Or, to allow a maximum of 1 unavailable replica, you can set: + # + # podDisruptionBudget: + # maxUnavailable: 1 + # + # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. + # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # unhealthyPodEvictionPolicy: AlwaysAllow + # + # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: + # + # podDisruptionBudget: {} + # + podDisruptionBudget: {} + + # Sets the per-pod terminationGracePeriodSeconds setting. + terminationGracePeriodSeconds: 30 + + # A list of `Volumes` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumes: [] + + # A list of `VolumeMounts` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumeMounts: [] + + # Inject initContainers into the Gateway Pods. + initContainers: [] + + # Inject additional containers into the Gateway Pods. + additionalContainers: [] + + # Configure this to a higher priority class in order to make sure your Istio gateway pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + # Configure the lifecycle hooks for the gateway. See + # https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/. + lifecycle: {} + + # When enabled, a default NetworkPolicy for gateways will be created + global: + networkPolicy: + enabled: false diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/Chart.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/Chart.yaml new file mode 100644 index 000000000..d3f876b0b --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +description: Helm chart for istio control plane +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- istiod +- istio-discovery +name: istiod +sources: +- https://github.com/istio/istio +version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/README.md b/resources/v1.30-alpha.941c7435/charts/istiod/README.md new file mode 100644 index 000000000..44f7b1d8c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/README.md @@ -0,0 +1,73 @@ +# Istiod Helm Chart + +This chart installs an Istiod deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). + +To install the chart with the release name `istiod`: + +```console +kubectl create namespace istio-system +helm install istiod istio/istiod --namespace istio-system +``` + +## Uninstalling the Chart + +To uninstall/delete the `istiod` deployment: + +```console +helm delete istiod --namespace istio-system +``` + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/istiod +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Examples + +#### Configuring mesh configuration settings + +Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: + +```yaml +meshConfig: + accessLogFile: /dev/stdout +``` + +#### Revisions + +Control plane revisions allow deploying multiple versions of the control plane in the same cluster. +This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) + +```yaml +revision: my-revision-name +``` diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-agent.yaml new file mode 100644 index 000000000..6e3102e4c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-agent.yaml @@ -0,0 +1,318 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} + sidecar.istio.io/rewriteAppHTTPProbers: "false", + } +spec: + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15020 + protocol: TCP + name: mesh-metrics + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + - --url=http://localhost:15020/healthz/ready + env: + - name: ISTIO_META_GENERATOR + value: grpc + - name: OUTPUT_CERTS + value: /var/lib/istio/data + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + # grpc uses xds:/// to resolve – no need to resolve VIP + - name: ISTIO_META_DNS_CAPTURE + value: "false" + - name: DISABLE_ENVOY + value: "true" + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} +{{- range $index, $container := .Spec.Containers }} +{{ if not (eq $container.Name "istio-proxy") }} + - name: {{ $container.Name }} + env: + - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" + value: "true" + - name: "GRPC_XDS_BOOTSTRAP" + value: "/etc/istio/proxy/grpc-bootstrap.json" + volumeMounts: + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} +{{- end }} +{{- end }} + volumes: + - emptyDir: + name: workload-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-xds + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-simple.yaml new file mode 100644 index 000000000..9ba0c7a46 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-simple.yaml @@ -0,0 +1,65 @@ +metadata: + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "false" +spec: + initContainers: + - name: grpc-bootstrap-init + image: busybox:1.28 + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + env: + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_NAMESPACE + value: | + {{ .Values.global.istioNamespace }} + command: + - sh + - "-c" + - |- + NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" + SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" + echo ' + { + "xds_servers": [ + { + "server_uri": "'${SERVER_URI}'", + "channel_creds": [{"type": "insecure"}], + "server_features" : ["xds_v3"] + } + ], + "node": { + "id": "'${NODE_ID}'", + "metadata": { + "GENERATOR": "grpc" + } + } + }' > /var/lib/grpc/data/bootstrap.json + containers: + {{- range $index, $container := .Spec.Containers }} + - name: {{ $container.Name }} + env: + - name: GRPC_XDS_BOOTSTRAP + value: /var/lib/grpc/data/bootstrap.json + - name: GRPC_GO_LOG_VERBOSITY_LEVEL + value: "99" + - name: GRPC_GO_LOG_SEVERITY_LEVEL + value: info + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + {{- end }} + volumes: + - name: grpc-io-proxyless-bootstrap + emptyDir: {} diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.941c7435/charts/istiod/templates/NOTES.txt new file mode 100644 index 000000000..0d07ea7f4 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/NOTES.txt @@ -0,0 +1,82 @@ +"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: +{{- $profile := default "" .Values.profile }} +{{- if (eq $profile "ambient") }} + * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ + * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ +{{- else }} + * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ + * Try out our tasks to get started on common configurations: + * https://istio.io/latest/docs/tasks/traffic-management + * https://istio.io/latest/docs/tasks/security/ + * https://istio.io/latest/docs/tasks/policy-enforcement/ +{{- end }} + * Review the list of actively supported releases, CVE publications and our hardening guide: + * https://istio.io/latest/docs/releases/supported-releases/ + * https://istio.io/latest/news/security/ + * https://istio.io/latest/docs/ops/best-practices/security/ + +For further documentation see https://istio.io website + +{{- + $deps := dict + "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" + "global.certificates" "meshConfig.certificates" + "global.localityLbSetting" "meshConfig.localityLbSetting" + "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" + "global.enableTracing" "meshConfig.enableTracing" + "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" + "global.proxy.accessLogFile" "meshConfig.accessLogFile" + "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" + "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" + "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" + "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" + "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" + "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" + "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" + "global.mtls.enabled" "the PeerAuthentication resource" + "global.mtls.auto" "meshConfig.enableAutoMtls" + "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" + "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" + "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" + "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" + "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" + "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" +}} +{{- range $dep, $replace := $deps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. +{{- end }} +{{- end }} +{{- + $failDeps := dict + "telemetry.v2.prometheus.configOverride" + "telemetry.v2.stackdriver.configOverride" + "telemetry.v2.stackdriver.disableOutbound" + "telemetry.v2.stackdriver.outboundAccessLogging" + "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" + "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" + "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" + "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" + "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" +}} +{{- range $dep, $replace := $failDeps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +{{fail (print $dep " is removed")}} +{{- end }} +{{- end }} +{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} +{{- fail "pilotCertProvider=kubernetes is not supported" }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.941c7435/charts/istiod/templates/_helpers.tpl new file mode 100644 index 000000000..042c92538 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} +{{ define "default-prometheus" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} +{{ define "default-sd-metrics" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. */}} +{{ define "default-sd-logs" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/autoscale.yaml new file mode 100644 index 000000000..9ab43b5bf --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/autoscale.yaml @@ -0,0 +1,45 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + maxReplicas: {{ .Values.autoscaleMax }} + minReplicas: {{ .Values.autoscaleMin }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.cpu.targetAverageUtilization }} + {{- if .Values.memory.targetAverageUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.memory.targetAverageUtilization }} + {{- end }} + {{- if .Values.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrole.yaml new file mode 100644 index 000000000..3280c96b5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrole.yaml @@ -0,0 +1,216 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + # sidecar injection controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + + # configuration validation webhook controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + + # istio configuration + # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) + # please proceed with caution + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["update", "patch"] + resources: + - authorizationpolicies/status + - destinationrules/status + - envoyfilters/status + - gateways/status + - peerauthentications/status + - proxyconfigs/status + - requestauthentications/status + - serviceentries/status + - sidecars/status + - telemetries/status + - virtualservices/status + - wasmplugins/status + - workloadentries/status + - workloadgroups/status +{{- end }} + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries/status", "serviceentries/status" ] + - apiGroups: ["security.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "authorizationpolicies/status" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services/status" ] + + # auto-detect installed CRD definitions + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + + # discovery and routing + - apiGroups: [""] + resources: ["pods", "nodes", "services", "namespaces", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + +{{- if .Values.taint.enabled }} + - apiGroups: [""] + resources: ["nodes"] + verbs: ["patch"] +{{- end }} + + # ingress controller +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] +{{- end}} + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses", "ingressclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] + + # required for CA's namespace controller + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + + # Istiod and bootstrap. +{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} +{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} + - apiGroups: ["certificates.k8s.io"] + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] + - apiGroups: ["certificates.k8s.io"] + resources: + - "signers" + resourceNames: +{{- range .Values.global.certSigners }} + - {{ . | quote }} +{{- end }} + verbs: ["approve"] +{{- end}} +{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + - apiGroups: ["certificates.k8s.io"] + resources: ["clustertrustbundles"] + verbs: ["update", "create", "delete", "list", "watch", "get"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["istio.io/istiod-ca"] + verbs: ["attest"] +{{- end }} + + # Used by Istiod to verify the JWT tokens + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + + # Used by Istiod to verify gateway SDS + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] + + # Use for Kubernetes Service APIs + - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list"] + - apiGroups: ["gateway.networking.x-k8s.io"] + resources: + - xbackendtrafficpolicies/status + - xlistenersets/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: + - backendtlspolicies/status + - gatewayclasses/status + - gateways/status + - grpcroutes/status + - httproutes/status + - referencegrants/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["gatewayclasses"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: ["inference.networking.k8s.io"] + resources: ["inferencepools"] + verbs: ["get", "watch", "list"] + - apiGroups: ["inference.networking.k8s.io"] + resources: ["inferencepools/status"] + verbs: ["update", "patch"] + + # Needed for multicluster secret reading, possibly ingress certs in the future + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + + # Used for MCS serviceexport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: [ "get", "watch", "list", "create", "delete"] + + # Used for MCS serviceimport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "watch", "list"] +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: ["apps"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "deployments" ] + - apiGroups: ["autoscaling"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "horizontalpodautoscalers" ] + - apiGroups: ["policy"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "poddisruptionbudgets" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "serviceaccounts"] +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..0ca21b957 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrolebinding.yaml @@ -0,0 +1,43 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: +- kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-jwks.yaml new file mode 100644 index 000000000..45943d383 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-jwks.yaml @@ -0,0 +1,20 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.jwksResolverExtraRootCA }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} +{{- end }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-values.yaml new file mode 100644 index 000000000..dcd1e3530 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-values.yaml @@ -0,0 +1,21 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + annotations: + kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + original-values: |- +{{ .Values._original | toPrettyJson | indent 4 }} +{{- $_ := unset $.Values "_original" }} + merged-values: |- +{{ .Values | toPrettyJson | indent 4 }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap.yaml new file mode 100644 index 000000000..a24ff9ee2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap.yaml @@ -0,0 +1,113 @@ +{{- define "mesh" }} + # The trust domain corresponds to the trust root of a system. + # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain + trustDomain: "cluster.local" + + # The namespace to treat as the administrative root namespace for Istio configuration. + # When processing a leaf namespace Istio will search for declarations in that namespace first + # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace + # is processed as if it were declared in the leaf namespace. + rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} + + {{ $prom := include "default-prometheus" . | eq "true" }} + {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} + {{ $sdLogs := include "default-sd-logs" . | eq "true" }} + {{- if or $prom $sdMetrics $sdLogs }} + defaultProviders: + {{- if or $prom $sdMetrics }} + metrics: + {{ if $prom }}- prometheus{{ end }} + {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} + {{- end }} + {{- if and $sdMetrics $sdLogs }} + accessLogging: + - stackdriver + {{- end }} + {{- end }} + + defaultConfig: + {{- if .Values.global.meshID }} + meshId: "{{ .Values.global.meshID }}" + {{- end }} + {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} + image: + imageType: {{. | quote}} + {{- end }} + {{- if not (eq .Values.global.proxy.tracer "none") }} + tracing: + {{- if eq .Values.global.proxy.tracer "lightstep" }} + lightstep: + # Address of the LightStep Satellite pool + address: {{ .Values.global.tracer.lightstep.address }} + # Access Token used to communicate with the Satellite pool + accessToken: {{ .Values.global.tracer.lightstep.accessToken }} + {{- else if eq .Values.global.proxy.tracer "zipkin" }} + zipkin: + # Address of the Zipkin collector + address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} + {{- else if eq .Values.global.proxy.tracer "datadog" }} + datadog: + # Address of the Datadog Agent + address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} + {{- else if eq .Values.global.proxy.tracer "stackdriver" }} + stackdriver: + # enables trace output to stdout. + debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} + # The global default max number of attributes per span. + maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} + # The global default max number of annotation events per span. + maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} + # The global default max number of message events per span. + maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} + {{- end }} + {{- end }} + {{- if .Values.global.remotePilotAddress }} + {{- if and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + discoveryAddress: {{ printf "istiod-remote.%s.svc" .Release.Namespace }}:15012 + {{- else }} + discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 + {{- end }} + {{- else }} + discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 + {{- end }} +{{- end }} + +{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} +{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} +{{- $originalMesh := include "mesh" . | fromYaml }} +{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if .Values.configMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + + # Configuration file for the mesh networks to be used by the Split Horizon EDS. + meshNetworks: |- + {{- if .Values.global.meshNetworks }} + networks: +{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} + {{- else }} + networks: {} + {{- end }} + + mesh: |- +{{- if .Values.meshConfig }} +{{ $mesh | toYaml | indent 4 }} +{{- else }} +{{- include "mesh" . }} +{{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/gateway-class-configmap.yaml new file mode 100644 index 000000000..9f7cdb01d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/gateway-class-configmap.yaml @@ -0,0 +1,22 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{ range $key, $value := .Values.gatewayClasses }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} + namespace: {{ $.Release.Namespace }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + gateway.istio.io/defaults-for-class: {{$key|quote}} + {{- include "istio.labels" $ | nindent 4 }} +data: +{{ range $kind, $overlay := $value }} + {{$kind}}: | +{{$overlay|toYaml|trim|indent 4}} +{{ end }} +--- +{{ end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/mutatingwebhook.yaml new file mode 100644 index 000000000..26a6c8f00 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/mutatingwebhook.yaml @@ -0,0 +1,167 @@ +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- /* Core defines the common configuration used by all webhook segments */}} +{{/* Copy just what we need to avoid expensive deepCopy */}} +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + {{- if .caBundle }} + caBundle: "{{ .caBundle }}" + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} +{{- if not .Values.global.operatorManageWebhooks }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq .Release.Namespace "istio-system"}} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- else }} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +{{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} + +{{- /* Case 1: namespace selector matches, and object doesn't disable */}} +{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + + +{{- /* Webhooks for default revision */}} +{{- if (eq .Values.revision "") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/networkpolicy.yaml new file mode 100644 index 000000000..e844d5e5d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/networkpolicy.yaml @@ -0,0 +1,47 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if (.Values.global.networkPolicy).enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + podSelector: + matchLabels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + policyTypes: + - Ingress + - Egress + ingress: + # Webhook from kube-apiserver + - from: [] + ports: + - protocol: TCP + port: 15017 + # xDS from potentially anywhere + - from: [] + ports: + - protocol: TCP + port: 15010 + - protocol: TCP + port: 15011 + - protocol: TCP + port: 15012 + - protocol: TCP + port: 8080 + - protocol: TCP + port: 15014 + # Allow all egress (needed because features like JWKS require connections to user-defined endpoints) + egress: + - {} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..0ac37d1cd --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/poddisruptionbudget.yaml @@ -0,0 +1,41 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.global.defaultPodDisruptionBudget.enabled }} +# a workaround for https://github.com/kubernetes/kubernetes/issues/93476 +{{- if or (and .Values.autoscaleEnabled (gt (int .Values.autoscaleMin) 1)) (and (not .Values.autoscaleEnabled) (gt (int .Values.replicaCount) 1)) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + istio: pilot + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + {{- if and .Values.pdb.minAvailable (not (hasKey .Values.pdb "maxUnavailable")) }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- else if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + {{- if .Values.pdb.unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ .Values.pdb.unhealthyPodEvictionPolicy }} + {{- end }} + selector: + matchLabels: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + istio: pilot + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrolebinding.yaml new file mode 100644 index 000000000..624f00dce --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrolebinding.yaml @@ -0,0 +1,20 @@ +# Created if cluster resources are not omitted +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-endpointslices.yaml new file mode 100644 index 000000000..e2f4ff03b --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-endpointslices.yaml @@ -0,0 +1,42 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +# if the remotePilotAddress is an IP addr +{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # This file is only used for remote `istiod` installs. + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + kubernetes.io/service-name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + kubernetes.io/service-name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + {{- if .Release.Service }} + endpointslice.kubernetes.io/managed-by: {{ .Release.Service | quote }} + {{- end }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +addressType: IPv4 +endpoints: +- addresses: + - {{ .Values.global.remotePilotAddress }} +ports: +- port: 15012 + name: tcp-istiod + protocol: TCP +- port: 15017 + name: tcp-webhook + protocol: TCP +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-service.yaml new file mode 100644 index 000000000..ab14497ba --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-service.yaml @@ -0,0 +1,43 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# This file is only used for remote +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15012 + name: tcp-istiod + protocol: TCP + - port: 443 + targetPort: 15017 + name: tcp-webhook + protocol: TCP + {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} + # if the remotePilotAddress is not an IP addr, we use ExternalName + type: ExternalName + externalName: {{ .Values.global.remotePilotAddress }} + {{- end }} +{{- if .Values.global.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} +{{- end }} +{{- if .Values.global.ipFamilies }} + ipFamilies: +{{- range .Values.global.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +--- +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-mwc.yaml new file mode 100644 index 000000000..556bb2f1e --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-mwc.yaml @@ -0,0 +1,154 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if not .Values.global.operatorManageWebhooks }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-svc.yaml new file mode 100644 index 000000000..5c4826d23 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-svc.yaml @@ -0,0 +1,57 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Adapted from istio-discovery/templates/service.yaml +{{- range $tagName := .Values.revisionTags }} +apiVersion: v1 +kind: Service +metadata: + name: istiod-revision-tag-{{ $tagName }} + namespace: {{ $.Release.Namespace }} + {{- if $.Values.serviceAnnotations }} + annotations: +{{ toYaml $.Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + istio.io/tag: {{ $tagName }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne $.Values.revision "" }} + istio.io/rev: {{ $.Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if $.Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ $.Values.ipFamilyPolicy }} + {{- end }} + {{- if $.Values.ipFamilies }} + ipFamilies: + {{- range $.Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} +--- +{{- end -}} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/role.yaml new file mode 100644 index 000000000..8abe608b6 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/role.yaml @@ -0,0 +1,37 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: +# permissions to verify the webhook is ready and rejecting +# invalid config. We use --server-dry-run so no config is persisted. +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] + +# For storing CA secret +- apiGroups: [""] + resources: ["secrets"] + # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config + verbs: ["create", "get", "watch", "list", "update", "delete"] + +# For status controller, so it can delete the distribution report configmap +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["delete"] + +# For gateway deployment controller +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "update", "patch", "create"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/rolebinding.yaml new file mode 100644 index 000000000..731964f04 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/rolebinding.yaml @@ -0,0 +1,23 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/service.yaml new file mode 100644 index 000000000..c3aade8a4 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/service.yaml @@ -0,0 +1,59 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: v1 +kind: Service +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + {{- if .Values.serviceAnnotations }} + annotations: +{{ toYaml .Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if .Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} + {{- end }} + {{- if .Values.ipFamilies }} + ipFamilies: + {{- range .Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .Values.trafficDistribution }} + trafficDistribution: {{ .Values.trafficDistribution }} + {{- end }} +--- +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/serviceaccount.yaml new file mode 100644 index 000000000..ee40eedf8 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/serviceaccount.yaml @@ -0,0 +1,26 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} + {{- if .Values.serviceAccountAnnotations }} + annotations: +{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} + {{- end }} +{{- end }} +--- +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingadmissionpolicy.yaml new file mode 100644 index 000000000..838d9fbaf --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingadmissionpolicy.yaml @@ -0,0 +1,65 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.experimental.stableValidationPolicy }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + labels: + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" +spec: + policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + validationActions: [Deny] +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..6903b29b5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingwebhookconfiguration.yaml @@ -0,0 +1,70 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.global.configValidation }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks + # are rejecting invalid configs on a per-revision basis. + - name: rev.validation.istio.io + clientConfig: + # Should change from base but cannot for API compat + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzy_descope_legacy.yaml new file mode 100644 index 000000000..73202418c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.4d7a765c/charts/istiod/values.yaml b/resources/v1.30-alpha.941c7435/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.4d7a765c/charts/istiod/values.yaml rename to resources/v1.30-alpha.941c7435/charts/istiod/values.yaml index 913981a10..dadead189 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.941c7435/charts/istiod/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/Chart.yaml new file mode 100644 index 000000000..3af797f80 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +description: Helm chart for istio revision tags +name: revisiontags +sources: +- https://github.com/istio-ecosystem/sail-operator +version: 0.1.0 + diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-mwc.yaml new file mode 100644 index 000000000..556bb2f1e --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-mwc.yaml @@ -0,0 +1,154 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} + +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "cluster") }} +{{- if not .Values.global.operatorManageWebhooks }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-svc.yaml new file mode 100644 index 000000000..5c4826d23 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-svc.yaml @@ -0,0 +1,57 @@ +{{- if or (eq .Values.global.resourceScope "all") (eq .Values.global.resourceScope "namespace") }} +# Adapted from istio-discovery/templates/service.yaml +{{- range $tagName := .Values.revisionTags }} +apiVersion: v1 +kind: Service +metadata: + name: istiod-revision-tag-{{ $tagName }} + namespace: {{ $.Release.Namespace }} + {{- if $.Values.serviceAnnotations }} + annotations: +{{ toYaml $.Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + istio.io/tag: {{ $tagName }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne $.Values.revision "" }} + istio.io/rev: {{ $.Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if $.Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ $.Values.ipFamilyPolicy }} + {{- end }} + {{- if $.Values.ipFamilies }} + ipFamilies: + {{- range $.Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} +--- +{{- end -}} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/values.yaml b/resources/v1.30-alpha.941c7435/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.4d7a765c/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.941c7435/charts/revisiontags/values.yaml index 913981a10..dadead189 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.941c7435/charts/revisiontags/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/Chart.yaml new file mode 100644 index 000000000..1346e3afb --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +description: Helm chart for istio ztunnel components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-ztunnel +- istio +name: ztunnel +sources: +- https://github.com/istio/istio +version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/README.md b/resources/v1.30-alpha.941c7435/charts/ztunnel/README.md new file mode 100644 index 000000000..72ea6892e --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/README.md @@ -0,0 +1,50 @@ +# Istio Ztunnel Helm Chart + +This chart installs an Istio ztunnel. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart: + +```console +helm install ztunnel istio/ztunnel +``` + +## Uninstalling the Chart + +To uninstall/delete the chart: + +```console +helm delete ztunnel +``` + +## Configuration + +To view supported configuration options and documentation, run: + +```console +helm show values istio/ztunnel +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/NOTES.txt new file mode 100644 index 000000000..244f59db0 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/NOTES.txt @@ -0,0 +1,5 @@ +ztunnel successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/_helpers.tpl new file mode 100644 index 000000000..46a7a0b79 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/_helpers.tpl @@ -0,0 +1 @@ +{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.941c7435/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.941c7435/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/rbac.yaml new file mode 100644 index 000000000..18291716b --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/rbac.yaml @@ -0,0 +1,51 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "cluster") }} +{{- if (eq (.Values.platform | default "") "openshift") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ztunnel.release-name" . }} +subjects: +- kind: ServiceAccount + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +--- +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/resourcequota.yaml new file mode 100644 index 000000000..d33c9fe13 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/resourcequota.yaml @@ -0,0 +1,22 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "namespace") }} +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/serviceaccount.yaml new file mode 100644 index 000000000..e1146f392 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/serviceaccount.yaml @@ -0,0 +1,24 @@ +{{- if or (eq .Values.resourceScope "all") (eq .Values.resourceScope "namespace") }} +apiVersion: v1 +kind: ServiceAccount + {{- with .Values.imagePullSecrets }} +imagePullSecrets: + {{- range . }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/zzz_profile.yaml new file mode 100644 index 000000000..606c55669 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/values.yaml b/resources/v1.30-alpha.941c7435/charts/ztunnel/values.yaml similarity index 98% rename from resources/v1.30-alpha.4d7a765c/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.941c7435/charts/ztunnel/values.yaml index 8aa690924..70c5dc052 100644 --- a/resources/v1.30-alpha.4d7a765c/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.941c7435/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.4d7a765cf81a69e8c1a3e38b5f64c5fc1bc64360 + tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag new file mode 100644 index 000000000..193de9d78 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag @@ -0,0 +1 @@ +061525c2e2bc82573153bc98b79a1797 diff --git a/resources/v1.30-alpha.941c7435/commit b/resources/v1.30-alpha.941c7435/commit new file mode 100644 index 000000000..efbc2ee05 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/commit @@ -0,0 +1 @@ +941c7435d35fdebdea431237a8dc966bd0bbdd64 diff --git a/resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag new file mode 100644 index 000000000..16001cf45 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag @@ -0,0 +1 @@ +9a7f97b56bf2d837b5831d999c79c060 diff --git a/resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag new file mode 100644 index 000000000..513224177 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag @@ -0,0 +1 @@ +284c1d538fe95d0e2f8a64868ad1d2f3 diff --git a/resources/v1.30-alpha.941c7435/profiles/ambient.yaml b/resources/v1.30-alpha.941c7435/profiles/ambient.yaml new file mode 100644 index 000000000..71ea784a8 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/ambient.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient diff --git a/resources/v1.30-alpha.941c7435/profiles/default.yaml b/resources/v1.30-alpha.941c7435/profiles/default.yaml new file mode 100644 index 000000000..8f1ef1967 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/default.yaml @@ -0,0 +1,12 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + # Most default values come from the helm chart's values.yaml + # Below are the things that differ + values: + defaultRevision: "" + global: + istioNamespace: istio-system + configValidation: true + ztunnel: + resourceName: ztunnel diff --git a/resources/v1.30-alpha.941c7435/profiles/demo.yaml b/resources/v1.30-alpha.941c7435/profiles/demo.yaml new file mode 100644 index 000000000..53c4b4163 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/demo.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: demo diff --git a/resources/v1.30-alpha.941c7435/profiles/empty.yaml b/resources/v1.30-alpha.941c7435/profiles/empty.yaml new file mode 100644 index 000000000..4477cb1fe --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/empty.yaml @@ -0,0 +1,5 @@ +# The empty profile has everything disabled +# This is useful as a base for custom user configuration +apiVersion: sailoperator.io/v1 +kind: Istio +spec: {} diff --git a/resources/v1.30-alpha.941c7435/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.941c7435/profiles/openshift-ambient.yaml new file mode 100644 index 000000000..76edf00cd --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/openshift-ambient.yaml @@ -0,0 +1,7 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient + global: + platform: openshift diff --git a/resources/v1.30-alpha.941c7435/profiles/openshift.yaml b/resources/v1.30-alpha.941c7435/profiles/openshift.yaml new file mode 100644 index 000000000..41492660f --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/openshift.yaml @@ -0,0 +1,6 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + global: + platform: openshift diff --git a/resources/v1.30-alpha.941c7435/profiles/preview.yaml b/resources/v1.30-alpha.941c7435/profiles/preview.yaml new file mode 100644 index 000000000..59d545c84 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/preview.yaml @@ -0,0 +1,8 @@ +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: preview diff --git a/resources/v1.30-alpha.941c7435/profiles/remote.yaml b/resources/v1.30-alpha.941c7435/profiles/remote.yaml new file mode 100644 index 000000000..54c65c8ba --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/remote.yaml @@ -0,0 +1,7 @@ +# The remote profile is used to configure a mesh cluster without a locally deployed control plane. +# Only the injector mutating webhook configuration is installed. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: remote diff --git a/resources/v1.30-alpha.941c7435/profiles/stable.yaml b/resources/v1.30-alpha.941c7435/profiles/stable.yaml new file mode 100644 index 000000000..285feba24 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/profiles/stable.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: stable diff --git a/resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag new file mode 100644 index 000000000..f6bb4ab35 --- /dev/null +++ b/resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag @@ -0,0 +1 @@ +bca30c2e5b68342659d2f846d1b4968a From bd2d9dcc63950543cfd41ea13431226ca180bb01 Mon Sep 17 00:00:00 2001 From: Francisco Herrera Date: Wed, 21 Jan 2026 14:10:27 +0100 Subject: [PATCH 07/40] Enable external registry support for OCP e2e tests in CI (#1514) * Enable external registry support for OCP e2e tests in CI Signed-off-by: Francisco Herrera Revert "Enable external registry support for OCP e2e tests in CI" This reverts commit 5f331385fbc5cde46d2e91cf93a0e55ec0385278. Enable external registry support for OCP e2e tests in CI Signed-off-by: Francisco Herrera * Fix lint Signed-off-by: Francisco Herrera * Update tests/e2e/common-operator-integ-suite.sh Co-authored-by: Filip Brychta Signed-off-by: Francisco Herrera * Add some improvements around the use of internal registry Signed-off-by: Francisco Herrera --------- Signed-off-by: Francisco Herrera Co-authored-by: Filip Brychta --- tests/e2e/README.md | 30 +++++++++++++++++ tests/e2e/common-operator-integ-suite.sh | 39 +++++++++++++++++++--- tests/e2e/setup/build-and-push-operator.sh | 6 +++- 3 files changed, 70 insertions(+), 5 deletions(-) diff --git a/tests/e2e/README.md b/tests/e2e/README.md index e4ee6a3b5..f9abed675 100644 --- a/tests/e2e/README.md +++ b/tests/e2e/README.md @@ -15,6 +15,7 @@ This end-to-end test suite utilizes Ginkgo, a testing framework known for its ex 1. [Pre-requisites](#pre-requisites) 1. [How to Run the test](#how-to-run-the-test) 1. [Running the test locally](#running-the-test-locally) + 1. [Test Run scenarios while running on OCP](#test-run-scenarios-while-running-on-ocp) 1. [Settings for end-to-end test execution](#settings-for-end-to-end-test-execution) 1. [Customizing the test run](#customizing-the-test-run) 1. [Get test definitions for the end-to-end test](#get-test-definitions-for-the-end-to-end-test) @@ -248,6 +249,35 @@ Note: if you are running the test against a cluster that has a different archite TARGET_ARCH=arm64 make test.e2e.ocp ``` +#### Test Run scenarios while running on OCP +When running the E2E test on OpenShift clusters, the framework supports three different registry scenarios: + +**Scenario 1: Test run with Internal Registry (Default behaviour)** +For test run on OpenShift with the default settings, no additional configuration is needed. The test scripts will automatically configure and use the OpenShift internal registry: + +```sh +# No HUB setting needed - uses internal registry by default +make test.e2e.ocp +``` + +**Scenario 2: Test run with CI Mode with External Registry** +In CI environments, set `CI=true` to use external registries with proper tagging: + +```sh +export CI=true +# Uses default HUB=quay.io/sail-dev with auto-generated tags if no PR_NUMBER var is being set +make test.e2e.ocp +``` + +**Scenario 3: Test run with custom External Registry** +For custom external registries, specify your own HUB value: + +```sh +export HUB=your-registry.com/your-namespace +export TAG=your-tag +make test.e2e.ocp +``` + ### Settings for end-to-end test execution The following environment variables define the behavior of the test run: diff --git a/tests/e2e/common-operator-integ-suite.sh b/tests/e2e/common-operator-integ-suite.sh index 35b428e33..d717c6e76 100755 --- a/tests/e2e/common-operator-integ-suite.sh +++ b/tests/e2e/common-operator-integ-suite.sh @@ -124,12 +124,39 @@ initialize_variables() { OPERATOR_SDK=${LOCALBIN}/operator-sdk IP_FAMILY=${IP_FAMILY:-ipv4} ISTIO_MANIFEST="chart/samples/istio-sample.yaml" + CI=${CI:-"false"} # export to be sure that the variables are available in the subshell export IMAGE_BASE="${IMAGE_BASE:-sail-operator}" export TAG="${TAG:-latest}" export HUB="${HUB:-localhost:5000}" + # Handle OCP registry scenarios + # Note: Makefile.core.mk sets HUB=quay.io/sail-dev and TAG=1.29-latest by default + if [ "${OCP}" == "true" ]; then + if [ "${CI}" == "true" ] && [ "${HUB}" == "quay.io/sail-dev" ]; then + # Scenario 2: CI mode with default HUB -> use external registry with proper CI tag + echo "CI mode detected for OCP, using external registry ${HUB}" + + # Use PR_NUMBER if available, otherwise generate timestamp tag + if [ -n "${PR_NUMBER:-}" ]; then + export TAG="pr-${PR_NUMBER}" + echo "Using PR-based tag: ${TAG}" + else + TAG="ci-test-$(date +%s)" + export TAG + echo "Using timestamp-based tag: ${TAG}" + fi + elif [ "${HUB}" != "quay.io/sail-dev" ]; then + # Scenario 3: Custom registry provided by user + echo "Using custom registry: ${HUB}" + else + # Scenario 1: Local development -> use internal OCP registry + echo "Local development mode, will use OCP internal registry" + export USE_INTERNAL_REGISTRY="true" + fi + fi + echo "Setting Istio manifest file: ${ISTIO_MANIFEST}" ISTIO_NAME=$(yq eval '.metadata.name' "${WD}/../../$ISTIO_MANIFEST") @@ -216,7 +243,7 @@ parse_flags "$@" initialize_variables # Export necessary vars -export COMMAND OCP HUB IMAGE_BASE TAG NAMESPACE +export COMMAND OCP HUB IMAGE_BASE TAG NAMESPACE USE_INTERNAL_REGISTRY if [ "${SKIP_BUILD}" == "false" ]; then "${WD}/setup/build-and-push-operator.sh" @@ -225,9 +252,13 @@ if [ "${SKIP_BUILD}" == "false" ]; then # This is a workaround when pulling the image from internal registry # To avoid errors of certificates meanwhile we are pulling the operator image from the internal registry # We need to set image $HUB to a fixed known value after the push - # This value always will be equal to the svc url of the internal registry - HUB="image-registry.openshift-image-registry.svc:5000/istio-images" - echo "Using internal registry: ${HUB}" + # Convert from route URL to service URL format for image pulling + if [[ "${HUB}" == *"/istio-images" ]]; then + HUB="image-registry.openshift-image-registry.svc:5000/istio-images" + echo "Using internal registry service URL: ${HUB}" + else + echo "Using external registry: ${HUB}" + fi # Workaround for OCP helm operator installation issues: # To avoid any cleanup issues, after we build and push the image we check if the namespace exists and delete it if it does. diff --git a/tests/e2e/setup/build-and-push-operator.sh b/tests/e2e/setup/build-and-push-operator.sh index f4527fa45..fadc990c8 100755 --- a/tests/e2e/setup/build-and-push-operator.sh +++ b/tests/e2e/setup/build-and-push-operator.sh @@ -85,8 +85,12 @@ build_and_push_operator_image() { } # Main logic -if [ "${OCP}" == "true" ]; then +# Only use internal registry for OCP local development (when USE_INTERNAL_REGISTRY is set) +if [ "${OCP}" == "true" ] && [ "${USE_INTERNAL_REGISTRY:-false}" == "true" ]; then + echo "Setting up OCP internal registry for local development..." get_internal_registry fi +echo "Registry: ${HUB}" + build_and_push_operator_image \ No newline at end of file From cd99c5299a74f94c62d49a2a6f0f39b051d52811 Mon Sep 17 00:00:00 2001 From: Praneeth Bajjuri Date: Wed, 21 Jan 2026 12:25:36 -0500 Subject: [PATCH 08/40] update eol istio versions (#1529) This change updates the End-of-Life versions for Istio to the latest supported releases in the sail-operator. Signed-off-by: pbajjuri20 --- api/v1/istio_types.go | 4 +- api/v1/istiocni_types.go | 4 +- api/v1/istiorevision_types.go | 4 +- api/v1/ztunnel_types.go | 4 +- api/v1alpha1/ztunnel_types.go | 4 +- .../sailoperator.clusterserviceversion.yaml | 95 +-- .../manifests/sailoperator.io_istiocnis.yaml | 2 +- .../sailoperator.io_istiorevisions.yaml | 2 +- bundle/manifests/sailoperator.io_istios.yaml | 2 +- .../manifests/sailoperator.io_ztunnels.yaml | 4 +- chart/crds/sailoperator.io_istiocnis.yaml | 2 +- .../crds/sailoperator.io_istiorevisions.yaml | 2 +- chart/crds/sailoperator.io_istios.yaml | 2 +- chart/crds/sailoperator.io_ztunnels.yaml | 4 +- chart/values.yaml | 46 -- docs/api-reference/sailoperator.io.md | 10 +- pkg/istioversion/versions.yaml | 91 +-- resources/v1.26.0/base-1.26.0.tgz.etag | 1 - ...6bedef385e6f98904a001eebc9c4811ff.tgz.etag | 1 - resources/v1.26.0/charts/base/Chart.yaml | 10 - resources/v1.26.0/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.0/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.0/charts/base/values.yaml | 37 -- resources/v1.26.0/charts/cni/Chart.yaml | 11 - resources/v1.26.0/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.0/charts/cni/templates/NOTES.txt | 5 - .../v1.26.0/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.0/charts/cni/values.yaml | 152 ----- resources/v1.26.0/charts/gateway/Chart.yaml | 12 - resources/v1.26.0/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.0/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.0/charts/gateway/values.schema.json | 330 ----------- resources/v1.26.0/charts/gateway/values.yaml | 170 ------ resources/v1.26.0/charts/istiod/Chart.yaml | 12 - resources/v1.26.0/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 530 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.0/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.0/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.0/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.0/charts/istiod/values.yaml | 553 ------------------ .../v1.26.0/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.0/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.0/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.0/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.0/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.0/cni-1.26.0.tgz.etag | 1 - ...6bedef385e6f98904a001eebc9c4811ff.tgz.etag | 1 - resources/v1.26.0/commit | 1 - resources/v1.26.0/gateway-1.26.0.tgz.etag | 1 - ...6bedef385e6f98904a001eebc9c4811ff.tgz.etag | 1 - resources/v1.26.0/istiod-1.26.0.tgz.etag | 1 - ...6bedef385e6f98904a001eebc9c4811ff.tgz.etag | 1 - resources/v1.26.0/profiles/ambient.yaml | 5 - resources/v1.26.0/profiles/default.yaml | 12 - resources/v1.26.0/profiles/demo.yaml | 5 - resources/v1.26.0/profiles/empty.yaml | 5 - .../v1.26.0/profiles/openshift-ambient.yaml | 7 - resources/v1.26.0/profiles/openshift.yaml | 6 - resources/v1.26.0/profiles/preview.yaml | 8 - resources/v1.26.0/profiles/remote.yaml | 7 - resources/v1.26.0/profiles/stable.yaml | 5 - resources/v1.26.0/ztunnel-1.26.0.tgz.etag | 1 - ...6bedef385e6f98904a001eebc9c4811ff.tgz.etag | 1 - resources/v1.26.1/base-1.26.1.tgz.etag | 1 - resources/v1.26.1/charts/base/Chart.yaml | 10 - resources/v1.26.1/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.1/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.1/charts/base/values.yaml | 37 -- resources/v1.26.1/charts/cni/Chart.yaml | 11 - resources/v1.26.1/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.1/charts/cni/templates/NOTES.txt | 5 - .../v1.26.1/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.1/charts/cni/values.yaml | 152 ----- resources/v1.26.1/charts/gateway/Chart.yaml | 12 - resources/v1.26.1/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.1/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.1/charts/gateway/values.schema.json | 330 ----------- resources/v1.26.1/charts/gateway/values.yaml | 170 ------ resources/v1.26.1/charts/istiod/Chart.yaml | 12 - resources/v1.26.1/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 530 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.1/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.1/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.1/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.1/charts/istiod/values.yaml | 553 ------------------ .../v1.26.1/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.1/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.1/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.1/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.1/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.1/cni-1.26.1.tgz.etag | 1 - resources/v1.26.1/commit | 1 - resources/v1.26.1/gateway-1.26.1.tgz.etag | 1 - resources/v1.26.1/istiod-1.26.1.tgz.etag | 1 - resources/v1.26.1/profiles/ambient.yaml | 5 - resources/v1.26.1/profiles/default.yaml | 12 - resources/v1.26.1/profiles/demo.yaml | 5 - resources/v1.26.1/profiles/empty.yaml | 5 - .../v1.26.1/profiles/openshift-ambient.yaml | 7 - resources/v1.26.1/profiles/openshift.yaml | 6 - resources/v1.26.1/profiles/preview.yaml | 8 - resources/v1.26.1/profiles/remote.yaml | 7 - resources/v1.26.1/profiles/stable.yaml | 5 - resources/v1.26.1/ztunnel-1.26.1.tgz.etag | 1 - resources/v1.26.2/base-1.26.2.tgz.etag | 1 - resources/v1.26.2/charts/base/Chart.yaml | 10 - resources/v1.26.2/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.2/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.2/charts/base/values.yaml | 37 -- resources/v1.26.2/charts/cni/Chart.yaml | 11 - resources/v1.26.2/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.2/charts/cni/templates/NOTES.txt | 5 - .../v1.26.2/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.2/charts/cni/values.yaml | 152 ----- resources/v1.26.2/charts/gateway/Chart.yaml | 12 - resources/v1.26.2/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.2/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.2/charts/gateway/values.schema.json | 330 ----------- resources/v1.26.2/charts/gateway/values.yaml | 170 ------ resources/v1.26.2/charts/istiod/Chart.yaml | 12 - resources/v1.26.2/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 532 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.2/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.2/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.2/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.2/charts/istiod/values.yaml | 553 ------------------ .../v1.26.2/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.2/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.2/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.2/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.2/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.2/cni-1.26.2.tgz.etag | 1 - resources/v1.26.2/commit | 1 - resources/v1.26.2/gateway-1.26.2.tgz.etag | 1 - resources/v1.26.2/istiod-1.26.2.tgz.etag | 1 - resources/v1.26.2/profiles/ambient.yaml | 5 - resources/v1.26.2/profiles/default.yaml | 12 - resources/v1.26.2/profiles/demo.yaml | 5 - resources/v1.26.2/profiles/empty.yaml | 5 - .../v1.26.2/profiles/openshift-ambient.yaml | 7 - resources/v1.26.2/profiles/openshift.yaml | 6 - resources/v1.26.2/profiles/preview.yaml | 8 - resources/v1.26.2/profiles/remote.yaml | 7 - resources/v1.26.2/profiles/stable.yaml | 5 - resources/v1.26.2/ztunnel-1.26.2.tgz.etag | 1 - resources/v1.26.3/base-1.26.3.tgz.etag | 1 - resources/v1.26.3/charts/base/Chart.yaml | 10 - resources/v1.26.3/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.3/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.3/charts/base/values.yaml | 37 -- resources/v1.26.3/charts/cni/Chart.yaml | 11 - resources/v1.26.3/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.3/charts/cni/templates/NOTES.txt | 5 - .../v1.26.3/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.3/charts/cni/values.yaml | 152 ----- resources/v1.26.3/charts/gateway/Chart.yaml | 12 - resources/v1.26.3/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.3/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.3/charts/gateway/values.schema.json | 330 ----------- resources/v1.26.3/charts/gateway/values.yaml | 170 ------ resources/v1.26.3/charts/istiod/Chart.yaml | 12 - resources/v1.26.3/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 532 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.3/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.3/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.3/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.3/charts/istiod/values.yaml | 553 ------------------ .../v1.26.3/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.3/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.3/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.3/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.3/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.3/cni-1.26.3.tgz.etag | 1 - resources/v1.26.3/commit | 1 - resources/v1.26.3/gateway-1.26.3.tgz.etag | 1 - resources/v1.26.3/istiod-1.26.3.tgz.etag | 1 - resources/v1.26.3/profiles/ambient.yaml | 5 - resources/v1.26.3/profiles/default.yaml | 12 - resources/v1.26.3/profiles/demo.yaml | 5 - resources/v1.26.3/profiles/empty.yaml | 5 - .../v1.26.3/profiles/openshift-ambient.yaml | 7 - resources/v1.26.3/profiles/openshift.yaml | 6 - resources/v1.26.3/profiles/preview.yaml | 8 - resources/v1.26.3/profiles/remote.yaml | 7 - resources/v1.26.3/profiles/stable.yaml | 5 - resources/v1.26.3/ztunnel-1.26.3.tgz.etag | 1 - resources/v1.26.4/base-1.26.4.tgz.etag | 1 - resources/v1.26.4/charts/base/Chart.yaml | 10 - resources/v1.26.4/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.4/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.4/charts/base/values.yaml | 37 -- resources/v1.26.4/charts/cni/Chart.yaml | 11 - resources/v1.26.4/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.4/charts/cni/templates/NOTES.txt | 5 - .../v1.26.4/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.4/charts/cni/values.yaml | 152 ----- resources/v1.26.4/charts/gateway/Chart.yaml | 12 - resources/v1.26.4/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.4/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.4/charts/gateway/values.schema.json | 368 ------------ resources/v1.26.4/charts/gateway/values.yaml | 170 ------ resources/v1.26.4/charts/istiod/Chart.yaml | 12 - resources/v1.26.4/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 532 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.4/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.4/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.4/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.4/charts/istiod/values.yaml | 553 ------------------ .../v1.26.4/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.4/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.4/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.4/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.4/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.4/cni-1.26.4.tgz.etag | 1 - resources/v1.26.4/commit | 1 - resources/v1.26.4/gateway-1.26.4.tgz.etag | 1 - resources/v1.26.4/istiod-1.26.4.tgz.etag | 1 - resources/v1.26.4/profiles/ambient.yaml | 5 - resources/v1.26.4/profiles/default.yaml | 12 - resources/v1.26.4/profiles/demo.yaml | 5 - resources/v1.26.4/profiles/empty.yaml | 5 - .../v1.26.4/profiles/openshift-ambient.yaml | 7 - resources/v1.26.4/profiles/openshift.yaml | 6 - resources/v1.26.4/profiles/preview.yaml | 8 - resources/v1.26.4/profiles/remote.yaml | 7 - resources/v1.26.4/profiles/stable.yaml | 5 - resources/v1.26.4/ztunnel-1.26.4.tgz.etag | 1 - resources/v1.26.5/base-1.26.5.tgz.etag | 1 - resources/v1.26.5/charts/base/Chart.yaml | 10 - resources/v1.26.5/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.5/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.5/charts/base/values.yaml | 37 -- resources/v1.26.5/charts/cni/Chart.yaml | 11 - resources/v1.26.5/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.5/charts/cni/templates/NOTES.txt | 5 - .../v1.26.5/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.5/charts/cni/values.yaml | 152 ----- resources/v1.26.5/charts/gateway/Chart.yaml | 12 - resources/v1.26.5/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.5/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.5/charts/gateway/values.schema.json | 368 ------------ resources/v1.26.5/charts/gateway/values.yaml | 170 ------ resources/v1.26.5/charts/istiod/Chart.yaml | 12 - resources/v1.26.5/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 531 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.5/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.5/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.5/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.5/charts/istiod/values.yaml | 553 ------------------ .../v1.26.5/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.5/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.5/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.5/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.5/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.5/cni-1.26.5.tgz.etag | 1 - resources/v1.26.5/commit | 1 - resources/v1.26.5/gateway-1.26.5.tgz.etag | 1 - resources/v1.26.5/istiod-1.26.5.tgz.etag | 1 - resources/v1.26.5/profiles/ambient.yaml | 5 - resources/v1.26.5/profiles/default.yaml | 12 - resources/v1.26.5/profiles/demo.yaml | 5 - resources/v1.26.5/profiles/empty.yaml | 5 - .../v1.26.5/profiles/openshift-ambient.yaml | 7 - resources/v1.26.5/profiles/openshift.yaml | 6 - resources/v1.26.5/profiles/preview.yaml | 8 - resources/v1.26.5/profiles/remote.yaml | 7 - resources/v1.26.5/profiles/stable.yaml | 5 - resources/v1.26.5/ztunnel-1.26.5.tgz.etag | 1 - resources/v1.26.6/base-1.26.6.tgz.etag | 1 - resources/v1.26.6/charts/base/Chart.yaml | 10 - resources/v1.26.6/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.6/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.6/charts/base/values.yaml | 37 -- resources/v1.26.6/charts/cni/Chart.yaml | 11 - resources/v1.26.6/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.6/charts/cni/templates/NOTES.txt | 5 - .../v1.26.6/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.6/charts/cni/values.yaml | 152 ----- resources/v1.26.6/charts/gateway/Chart.yaml | 12 - resources/v1.26.6/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.6/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.6/charts/gateway/values.schema.json | 368 ------------ resources/v1.26.6/charts/gateway/values.yaml | 170 ------ resources/v1.26.6/charts/istiod/Chart.yaml | 12 - resources/v1.26.6/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 531 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.6/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.6/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.6/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.6/charts/istiod/values.yaml | 553 ------------------ .../v1.26.6/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.6/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.6/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.6/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.6/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.6/cni-1.26.6.tgz.etag | 1 - resources/v1.26.6/commit | 1 - resources/v1.26.6/gateway-1.26.6.tgz.etag | 1 - resources/v1.26.6/istiod-1.26.6.tgz.etag | 1 - resources/v1.26.6/profiles/ambient.yaml | 5 - resources/v1.26.6/profiles/default.yaml | 12 - resources/v1.26.6/profiles/demo.yaml | 5 - resources/v1.26.6/profiles/empty.yaml | 5 - .../v1.26.6/profiles/openshift-ambient.yaml | 7 - resources/v1.26.6/profiles/openshift.yaml | 6 - resources/v1.26.6/profiles/preview.yaml | 8 - resources/v1.26.6/profiles/remote.yaml | 7 - resources/v1.26.6/profiles/stable.yaml | 5 - resources/v1.26.6/ztunnel-1.26.6.tgz.etag | 1 - resources/v1.26.7/base-1.26.7.tgz.etag | 1 - resources/v1.26.7/charts/base/Chart.yaml | 10 - resources/v1.26.7/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.7/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.7/charts/base/values.yaml | 37 -- resources/v1.26.7/charts/cni/Chart.yaml | 11 - resources/v1.26.7/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.7/charts/cni/templates/NOTES.txt | 5 - .../v1.26.7/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.7/charts/cni/values.yaml | 152 ----- resources/v1.26.7/charts/gateway/Chart.yaml | 12 - resources/v1.26.7/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.7/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.7/charts/gateway/values.schema.json | 368 ------------ resources/v1.26.7/charts/gateway/values.yaml | 170 ------ resources/v1.26.7/charts/istiod/Chart.yaml | 12 - resources/v1.26.7/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 531 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.7/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.7/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.7/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.7/charts/istiod/values.yaml | 553 ------------------ .../v1.26.7/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.7/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.7/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.7/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.7/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.7/cni-1.26.7.tgz.etag | 1 - resources/v1.26.7/commit | 1 - resources/v1.26.7/gateway-1.26.7.tgz.etag | 1 - resources/v1.26.7/istiod-1.26.7.tgz.etag | 1 - resources/v1.26.7/profiles/ambient.yaml | 5 - resources/v1.26.7/profiles/default.yaml | 12 - resources/v1.26.7/profiles/demo.yaml | 5 - resources/v1.26.7/profiles/empty.yaml | 5 - .../v1.26.7/profiles/openshift-ambient.yaml | 7 - resources/v1.26.7/profiles/openshift.yaml | 6 - resources/v1.26.7/profiles/preview.yaml | 8 - resources/v1.26.7/profiles/remote.yaml | 7 - resources/v1.26.7/profiles/stable.yaml | 5 - resources/v1.26.7/ztunnel-1.26.7.tgz.etag | 1 - resources/v1.26.8/base-1.26.8.tgz.etag | 1 - resources/v1.26.8/charts/base/Chart.yaml | 10 - resources/v1.26.8/charts/base/README.md | 35 -- .../charts/base/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/base/files/profile-demo.yaml | 94 --- .../base/files/profile-platform-gke.yaml | 10 - .../base/files/profile-platform-k3d.yaml | 7 - .../base/files/profile-platform-k3s.yaml | 7 - .../base/files/profile-platform-microk8s.yaml | 7 - .../base/files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/base/files/profile-preview.yaml | 13 - .../charts/base/files/profile-remote.yaml | 13 - .../charts/base/files/profile-stable.yaml | 8 - .../v1.26.8/charts/base/templates/NOTES.txt | 5 - ...ultrevision-validatingadmissionpolicy.yaml | 53 -- ...vision-validatingwebhookconfiguration.yaml | 56 -- .../base/templates/reader-serviceaccount.yaml | 20 - .../charts/base/templates/zzz_profile.yaml | 75 --- resources/v1.26.8/charts/base/values.yaml | 37 -- resources/v1.26.8/charts/cni/Chart.yaml | 11 - resources/v1.26.8/charts/cni/README.md | 65 -- .../charts/cni/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/cni/files/profile-demo.yaml | 94 --- .../cni/files/profile-platform-gke.yaml | 10 - .../cni/files/profile-platform-k3d.yaml | 7 - .../cni/files/profile-platform-k3s.yaml | 7 - .../cni/files/profile-platform-microk8s.yaml | 7 - .../cni/files/profile-platform-minikube.yaml | 6 - .../cni/files/profile-platform-openshift.yaml | 19 - .../charts/cni/files/profile-preview.yaml | 13 - .../charts/cni/files/profile-remote.yaml | 13 - .../charts/cni/files/profile-stable.yaml | 8 - .../v1.26.8/charts/cni/templates/NOTES.txt | 5 - .../v1.26.8/charts/cni/templates/_helpers.tpl | 8 - .../charts/cni/templates/clusterrole.yaml | 81 --- .../cni/templates/clusterrolebinding.yaml | 63 -- .../charts/cni/templates/configmap-cni.yaml | 35 -- .../charts/cni/templates/daemonset.yaml | 245 -------- .../network-attachment-definition.yaml | 11 - .../charts/cni/templates/resourcequota.yaml | 19 - .../charts/cni/templates/serviceaccount.yaml | 18 - .../cni/templates/zzy_descope_legacy.yaml | 3 - .../charts/cni/templates/zzz_profile.yaml | 75 --- resources/v1.26.8/charts/cni/values.yaml | 152 ----- resources/v1.26.8/charts/gateway/Chart.yaml | 12 - resources/v1.26.8/charts/gateway/README.md | 170 ------ .../charts/gateway/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/gateway/files/profile-demo.yaml | 94 --- .../gateway/files/profile-platform-gke.yaml | 10 - .../gateway/files/profile-platform-k3d.yaml | 7 - .../gateway/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/gateway/files/profile-preview.yaml | 13 - .../charts/gateway/files/profile-remote.yaml | 13 - .../charts/gateway/files/profile-stable.yaml | 8 - .../charts/gateway/templates/NOTES.txt | 9 - .../charts/gateway/templates/_helpers.tpl | 40 -- .../charts/gateway/templates/deployment.yaml | 131 ----- .../v1.26.8/charts/gateway/templates/hpa.yaml | 40 -- .../templates/poddisruptionbudget.yaml | 18 - .../charts/gateway/templates/role.yaml | 37 -- .../charts/gateway/templates/service.yaml | 69 --- .../gateway/templates/serviceaccount.yaml | 15 - .../charts/gateway/templates/zzz_profile.yaml | 75 --- .../v1.26.8/charts/gateway/values.schema.json | 368 ------------ resources/v1.26.8/charts/gateway/values.yaml | 170 ------ resources/v1.26.8/charts/istiod/Chart.yaml | 12 - resources/v1.26.8/charts/istiod/README.md | 73 --- .../files/gateway-injection-template.yaml | 261 --------- .../charts/istiod/files/grpc-agent.yaml | 318 ---------- .../charts/istiod/files/grpc-simple.yaml | 65 -- .../istiod/files/injection-template.yaml | 531 ----------------- .../charts/istiod/files/kube-gateway.yaml | 401 ------------- .../charts/istiod/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/istiod/files/profile-demo.yaml | 94 --- .../istiod/files/profile-platform-gke.yaml | 10 - .../istiod/files/profile-platform-k3d.yaml | 7 - .../istiod/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/istiod/files/profile-preview.yaml | 13 - .../charts/istiod/files/profile-remote.yaml | 13 - .../charts/istiod/files/profile-stable.yaml | 8 - .../v1.26.8/charts/istiod/files/waypoint.yaml | 396 ------------- .../v1.26.8/charts/istiod/templates/NOTES.txt | 82 --- .../charts/istiod/templates/_helpers.tpl | 23 - .../charts/istiod/templates/autoscale.yaml | 43 -- .../charts/istiod/templates/clusterrole.yaml | 206 ------- .../istiod/templates/clusterrolebinding.yaml | 40 -- .../istiod/templates/configmap-jwks.yaml | 18 - .../istiod/templates/configmap-values.yaml | 19 - .../charts/istiod/templates/configmap.yaml | 106 ---- .../charts/istiod/templates/deployment.yaml | 304 ---------- .../templates/gateway-class-configmap.yaml | 20 - .../templates/istiod-injector-configmap.yaml | 81 --- .../istiod/templates/mutatingwebhook.yaml | 164 ------ .../istiod/templates/poddisruptionbudget.yaml | 29 - .../istiod/templates/reader-clusterrole.yaml | 64 -- .../templates/reader-clusterrolebinding.yaml | 17 - .../templates/remote-istiod-endpoints.yaml | 25 - .../templates/remote-istiod-service.yaml | 35 -- .../istiod/templates/revision-tags.yaml | 148 ----- .../v1.26.8/charts/istiod/templates/role.yaml | 35 -- .../charts/istiod/templates/rolebinding.yaml | 21 - .../charts/istiod/templates/service.yaml | 54 -- .../istiod/templates/serviceaccount.yaml | 24 - .../templates/validatingadmissionpolicy.yaml | 63 -- .../validatingwebhookconfiguration.yaml | 68 --- .../istiod/templates/zzy_descope_legacy.yaml | 3 - .../charts/istiod/templates/zzz_profile.yaml | 75 --- resources/v1.26.8/charts/istiod/values.yaml | 553 ------------------ .../v1.26.8/charts/revisiontags/Chart.yaml | 8 - .../revisiontags/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../revisiontags/files/profile-demo.yaml | 94 --- .../files/profile-platform-gke.yaml | 10 - .../files/profile-platform-k3d.yaml | 7 - .../files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../revisiontags/files/profile-preview.yaml | 13 - .../revisiontags/files/profile-remote.yaml | 13 - .../revisiontags/files/profile-stable.yaml | 8 - .../revisiontags/templates/revision-tags.yaml | 148 ----- .../revisiontags/templates/zzz_profile.yaml | 75 --- .../v1.26.8/charts/revisiontags/values.yaml | 553 ------------------ resources/v1.26.8/charts/ztunnel/Chart.yaml | 11 - resources/v1.26.8/charts/ztunnel/README.md | 50 -- .../charts/ztunnel/files/profile-ambient.yaml | 17 - .../profile-compatibility-version-1.23.yaml | 25 - .../profile-compatibility-version-1.24.yaml | 13 - .../profile-compatibility-version-1.25.yaml | 7 - .../charts/ztunnel/files/profile-demo.yaml | 94 --- .../ztunnel/files/profile-platform-gke.yaml | 10 - .../ztunnel/files/profile-platform-k3d.yaml | 7 - .../ztunnel/files/profile-platform-k3s.yaml | 7 - .../files/profile-platform-microk8s.yaml | 7 - .../files/profile-platform-minikube.yaml | 6 - .../files/profile-platform-openshift.yaml | 19 - .../charts/ztunnel/files/profile-preview.yaml | 13 - .../charts/ztunnel/files/profile-remote.yaml | 13 - .../charts/ztunnel/files/profile-stable.yaml | 8 - .../charts/ztunnel/templates/NOTES.txt | 5 - .../charts/ztunnel/templates/_helpers.tpl | 1 - .../charts/ztunnel/templates/daemonset.yaml | 205 ------- .../charts/ztunnel/templates/rbac.yaml | 72 --- .../ztunnel/templates/resourcequota.yaml | 20 - .../charts/ztunnel/templates/zzz_profile.yaml | 75 --- resources/v1.26.8/charts/ztunnel/values.yaml | 114 ---- resources/v1.26.8/cni-1.26.8.tgz.etag | 1 - resources/v1.26.8/commit | 1 - resources/v1.26.8/gateway-1.26.8.tgz.etag | 1 - resources/v1.26.8/istiod-1.26.8.tgz.etag | 1 - resources/v1.26.8/profiles/ambient.yaml | 5 - resources/v1.26.8/profiles/default.yaml | 12 - resources/v1.26.8/profiles/demo.yaml | 5 - resources/v1.26.8/profiles/empty.yaml | 5 - .../v1.26.8/profiles/openshift-ambient.yaml | 7 - resources/v1.26.8/profiles/openshift.yaml | 6 - resources/v1.26.8/profiles/preview.yaml | 8 - resources/v1.26.8/profiles/remote.yaml | 7 - resources/v1.26.8/profiles/stable.yaml | 5 - resources/v1.26.8/ztunnel-1.26.8.tgz.etag | 1 - 1660 files changed, 40 insertions(+), 85524 deletions(-) delete mode 100644 resources/v1.26.0/base-1.26.0.tgz.etag delete mode 100644 resources/v1.26.0/base-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag delete mode 100644 resources/v1.26.0/charts/base/Chart.yaml delete mode 100644 resources/v1.26.0/charts/base/README.md delete mode 100644 resources/v1.26.0/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.0/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.0/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.0/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.0/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.0/charts/base/values.yaml delete mode 100644 resources/v1.26.0/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.0/charts/cni/README.md delete mode 100644 resources/v1.26.0/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.0/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.0/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.0/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.0/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.0/charts/cni/values.yaml delete mode 100644 resources/v1.26.0/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.0/charts/gateway/README.md delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.0/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.0/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.0/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.0/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.0/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.0/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.0/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.0/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.0/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.0/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.0/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.0/charts/gateway/values.yaml delete mode 100644 resources/v1.26.0/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.0/charts/istiod/README.md delete mode 100644 resources/v1.26.0/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.0/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.0/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.0/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.0/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.0/charts/istiod/values.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.0/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/README.md delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.0/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.0/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.0/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.0/cni-1.26.0.tgz.etag delete mode 100644 resources/v1.26.0/cni-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag delete mode 100644 resources/v1.26.0/commit delete mode 100644 resources/v1.26.0/gateway-1.26.0.tgz.etag delete mode 100644 resources/v1.26.0/gateway-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag delete mode 100644 resources/v1.26.0/istiod-1.26.0.tgz.etag delete mode 100644 resources/v1.26.0/istiod-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag delete mode 100644 resources/v1.26.0/profiles/ambient.yaml delete mode 100644 resources/v1.26.0/profiles/default.yaml delete mode 100644 resources/v1.26.0/profiles/demo.yaml delete mode 100644 resources/v1.26.0/profiles/empty.yaml delete mode 100644 resources/v1.26.0/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.0/profiles/openshift.yaml delete mode 100644 resources/v1.26.0/profiles/preview.yaml delete mode 100644 resources/v1.26.0/profiles/remote.yaml delete mode 100644 resources/v1.26.0/profiles/stable.yaml delete mode 100644 resources/v1.26.0/ztunnel-1.26.0.tgz.etag delete mode 100644 resources/v1.26.0/ztunnel-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag delete mode 100644 resources/v1.26.1/base-1.26.1.tgz.etag delete mode 100644 resources/v1.26.1/charts/base/Chart.yaml delete mode 100644 resources/v1.26.1/charts/base/README.md delete mode 100644 resources/v1.26.1/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.1/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.1/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.1/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.1/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.1/charts/base/values.yaml delete mode 100644 resources/v1.26.1/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.1/charts/cni/README.md delete mode 100644 resources/v1.26.1/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.1/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.1/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.1/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.1/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.1/charts/cni/values.yaml delete mode 100644 resources/v1.26.1/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.1/charts/gateway/README.md delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.1/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.1/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.1/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.1/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.1/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.1/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.1/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.1/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.1/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.1/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.1/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.1/charts/gateway/values.yaml delete mode 100644 resources/v1.26.1/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.1/charts/istiod/README.md delete mode 100644 resources/v1.26.1/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.1/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.1/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.1/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.1/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.1/charts/istiod/values.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.1/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/README.md delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.1/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.1/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.1/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.1/cni-1.26.1.tgz.etag delete mode 100644 resources/v1.26.1/commit delete mode 100644 resources/v1.26.1/gateway-1.26.1.tgz.etag delete mode 100644 resources/v1.26.1/istiod-1.26.1.tgz.etag delete mode 100644 resources/v1.26.1/profiles/ambient.yaml delete mode 100644 resources/v1.26.1/profiles/default.yaml delete mode 100644 resources/v1.26.1/profiles/demo.yaml delete mode 100644 resources/v1.26.1/profiles/empty.yaml delete mode 100644 resources/v1.26.1/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.1/profiles/openshift.yaml delete mode 100644 resources/v1.26.1/profiles/preview.yaml delete mode 100644 resources/v1.26.1/profiles/remote.yaml delete mode 100644 resources/v1.26.1/profiles/stable.yaml delete mode 100644 resources/v1.26.1/ztunnel-1.26.1.tgz.etag delete mode 100644 resources/v1.26.2/base-1.26.2.tgz.etag delete mode 100644 resources/v1.26.2/charts/base/Chart.yaml delete mode 100644 resources/v1.26.2/charts/base/README.md delete mode 100644 resources/v1.26.2/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.2/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.2/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.2/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.2/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.2/charts/base/values.yaml delete mode 100644 resources/v1.26.2/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.2/charts/cni/README.md delete mode 100644 resources/v1.26.2/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.2/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.2/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.2/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.2/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.2/charts/cni/values.yaml delete mode 100644 resources/v1.26.2/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.2/charts/gateway/README.md delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.2/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.2/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.2/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.2/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.2/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.2/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.2/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.2/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.2/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.2/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.2/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.2/charts/gateway/values.yaml delete mode 100644 resources/v1.26.2/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.2/charts/istiod/README.md delete mode 100644 resources/v1.26.2/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.2/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.2/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.2/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.2/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.2/charts/istiod/values.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.2/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/README.md delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.2/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.2/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.2/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.2/cni-1.26.2.tgz.etag delete mode 100644 resources/v1.26.2/commit delete mode 100644 resources/v1.26.2/gateway-1.26.2.tgz.etag delete mode 100644 resources/v1.26.2/istiod-1.26.2.tgz.etag delete mode 100644 resources/v1.26.2/profiles/ambient.yaml delete mode 100644 resources/v1.26.2/profiles/default.yaml delete mode 100644 resources/v1.26.2/profiles/demo.yaml delete mode 100644 resources/v1.26.2/profiles/empty.yaml delete mode 100644 resources/v1.26.2/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.2/profiles/openshift.yaml delete mode 100644 resources/v1.26.2/profiles/preview.yaml delete mode 100644 resources/v1.26.2/profiles/remote.yaml delete mode 100644 resources/v1.26.2/profiles/stable.yaml delete mode 100644 resources/v1.26.2/ztunnel-1.26.2.tgz.etag delete mode 100644 resources/v1.26.3/base-1.26.3.tgz.etag delete mode 100644 resources/v1.26.3/charts/base/Chart.yaml delete mode 100644 resources/v1.26.3/charts/base/README.md delete mode 100644 resources/v1.26.3/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.3/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.3/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.3/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.3/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.3/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.3/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.3/charts/base/values.yaml delete mode 100644 resources/v1.26.3/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.3/charts/cni/README.md delete mode 100644 resources/v1.26.3/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.3/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.3/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.3/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.3/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.3/charts/cni/values.yaml delete mode 100644 resources/v1.26.3/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.3/charts/gateway/README.md delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.3/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.3/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.3/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.3/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.3/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.3/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.3/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.3/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.3/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.3/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.3/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.3/charts/gateway/values.yaml delete mode 100644 resources/v1.26.3/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.3/charts/istiod/README.md delete mode 100644 resources/v1.26.3/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.3/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.3/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.3/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.3/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.3/charts/istiod/values.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.3/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/README.md delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.3/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.3/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.3/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.3/cni-1.26.3.tgz.etag delete mode 100644 resources/v1.26.3/commit delete mode 100644 resources/v1.26.3/gateway-1.26.3.tgz.etag delete mode 100644 resources/v1.26.3/istiod-1.26.3.tgz.etag delete mode 100644 resources/v1.26.3/profiles/ambient.yaml delete mode 100644 resources/v1.26.3/profiles/default.yaml delete mode 100644 resources/v1.26.3/profiles/demo.yaml delete mode 100644 resources/v1.26.3/profiles/empty.yaml delete mode 100644 resources/v1.26.3/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.3/profiles/openshift.yaml delete mode 100644 resources/v1.26.3/profiles/preview.yaml delete mode 100644 resources/v1.26.3/profiles/remote.yaml delete mode 100644 resources/v1.26.3/profiles/stable.yaml delete mode 100644 resources/v1.26.3/ztunnel-1.26.3.tgz.etag delete mode 100644 resources/v1.26.4/base-1.26.4.tgz.etag delete mode 100644 resources/v1.26.4/charts/base/Chart.yaml delete mode 100644 resources/v1.26.4/charts/base/README.md delete mode 100644 resources/v1.26.4/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.4/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.4/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.4/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.4/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.4/charts/base/values.yaml delete mode 100644 resources/v1.26.4/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.4/charts/cni/README.md delete mode 100644 resources/v1.26.4/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.4/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.4/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.4/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.4/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.4/charts/cni/values.yaml delete mode 100644 resources/v1.26.4/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.4/charts/gateway/README.md delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.4/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.4/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.4/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.4/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.4/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.4/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.4/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.4/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.4/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.4/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.4/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.4/charts/gateway/values.yaml delete mode 100644 resources/v1.26.4/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.4/charts/istiod/README.md delete mode 100644 resources/v1.26.4/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.4/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.4/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.4/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.4/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.4/charts/istiod/values.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.4/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/README.md delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.4/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.4/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.4/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.4/cni-1.26.4.tgz.etag delete mode 100644 resources/v1.26.4/commit delete mode 100644 resources/v1.26.4/gateway-1.26.4.tgz.etag delete mode 100644 resources/v1.26.4/istiod-1.26.4.tgz.etag delete mode 100644 resources/v1.26.4/profiles/ambient.yaml delete mode 100644 resources/v1.26.4/profiles/default.yaml delete mode 100644 resources/v1.26.4/profiles/demo.yaml delete mode 100644 resources/v1.26.4/profiles/empty.yaml delete mode 100644 resources/v1.26.4/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.4/profiles/openshift.yaml delete mode 100644 resources/v1.26.4/profiles/preview.yaml delete mode 100644 resources/v1.26.4/profiles/remote.yaml delete mode 100644 resources/v1.26.4/profiles/stable.yaml delete mode 100644 resources/v1.26.4/ztunnel-1.26.4.tgz.etag delete mode 100644 resources/v1.26.5/base-1.26.5.tgz.etag delete mode 100644 resources/v1.26.5/charts/base/Chart.yaml delete mode 100644 resources/v1.26.5/charts/base/README.md delete mode 100644 resources/v1.26.5/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.5/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.5/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.5/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.5/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.5/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.5/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.5/charts/base/values.yaml delete mode 100644 resources/v1.26.5/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.5/charts/cni/README.md delete mode 100644 resources/v1.26.5/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.5/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.5/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.5/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.5/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.5/charts/cni/values.yaml delete mode 100644 resources/v1.26.5/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.5/charts/gateway/README.md delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.5/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.5/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.5/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.5/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.5/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.5/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.5/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.5/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.5/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.5/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.5/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.5/charts/gateway/values.yaml delete mode 100644 resources/v1.26.5/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.5/charts/istiod/README.md delete mode 100644 resources/v1.26.5/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.5/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.5/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.5/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.5/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.5/charts/istiod/values.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.5/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/README.md delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.5/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.5/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.5/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.5/cni-1.26.5.tgz.etag delete mode 100644 resources/v1.26.5/commit delete mode 100644 resources/v1.26.5/gateway-1.26.5.tgz.etag delete mode 100644 resources/v1.26.5/istiod-1.26.5.tgz.etag delete mode 100644 resources/v1.26.5/profiles/ambient.yaml delete mode 100644 resources/v1.26.5/profiles/default.yaml delete mode 100644 resources/v1.26.5/profiles/demo.yaml delete mode 100644 resources/v1.26.5/profiles/empty.yaml delete mode 100644 resources/v1.26.5/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.5/profiles/openshift.yaml delete mode 100644 resources/v1.26.5/profiles/preview.yaml delete mode 100644 resources/v1.26.5/profiles/remote.yaml delete mode 100644 resources/v1.26.5/profiles/stable.yaml delete mode 100644 resources/v1.26.5/ztunnel-1.26.5.tgz.etag delete mode 100644 resources/v1.26.6/base-1.26.6.tgz.etag delete mode 100644 resources/v1.26.6/charts/base/Chart.yaml delete mode 100644 resources/v1.26.6/charts/base/README.md delete mode 100644 resources/v1.26.6/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.6/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.6/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.6/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.6/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.6/charts/base/values.yaml delete mode 100644 resources/v1.26.6/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.6/charts/cni/README.md delete mode 100644 resources/v1.26.6/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.6/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.6/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.6/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.6/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.6/charts/cni/values.yaml delete mode 100644 resources/v1.26.6/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.6/charts/gateway/README.md delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.6/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.6/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.6/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.6/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.6/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.6/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.6/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.6/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.6/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.6/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.6/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.6/charts/gateway/values.yaml delete mode 100644 resources/v1.26.6/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.6/charts/istiod/README.md delete mode 100644 resources/v1.26.6/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.6/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.6/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.6/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.6/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.6/charts/istiod/values.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.6/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/README.md delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.6/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.6/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.6/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.6/cni-1.26.6.tgz.etag delete mode 100644 resources/v1.26.6/commit delete mode 100644 resources/v1.26.6/gateway-1.26.6.tgz.etag delete mode 100644 resources/v1.26.6/istiod-1.26.6.tgz.etag delete mode 100644 resources/v1.26.6/profiles/ambient.yaml delete mode 100644 resources/v1.26.6/profiles/default.yaml delete mode 100644 resources/v1.26.6/profiles/demo.yaml delete mode 100644 resources/v1.26.6/profiles/empty.yaml delete mode 100644 resources/v1.26.6/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.6/profiles/openshift.yaml delete mode 100644 resources/v1.26.6/profiles/preview.yaml delete mode 100644 resources/v1.26.6/profiles/remote.yaml delete mode 100644 resources/v1.26.6/profiles/stable.yaml delete mode 100644 resources/v1.26.6/ztunnel-1.26.6.tgz.etag delete mode 100644 resources/v1.26.7/base-1.26.7.tgz.etag delete mode 100644 resources/v1.26.7/charts/base/Chart.yaml delete mode 100644 resources/v1.26.7/charts/base/README.md delete mode 100644 resources/v1.26.7/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.7/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.7/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.7/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.7/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.7/charts/base/values.yaml delete mode 100644 resources/v1.26.7/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.7/charts/cni/README.md delete mode 100644 resources/v1.26.7/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.7/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.7/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.7/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.7/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.7/charts/cni/values.yaml delete mode 100644 resources/v1.26.7/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.7/charts/gateway/README.md delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.7/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.7/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.7/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.7/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.7/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.7/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.7/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.7/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.7/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.7/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.7/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.7/charts/gateway/values.yaml delete mode 100644 resources/v1.26.7/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.7/charts/istiod/README.md delete mode 100644 resources/v1.26.7/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.7/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.7/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.7/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.7/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.7/charts/istiod/values.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.7/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/README.md delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.7/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.7/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.7/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.7/cni-1.26.7.tgz.etag delete mode 100644 resources/v1.26.7/commit delete mode 100644 resources/v1.26.7/gateway-1.26.7.tgz.etag delete mode 100644 resources/v1.26.7/istiod-1.26.7.tgz.etag delete mode 100644 resources/v1.26.7/profiles/ambient.yaml delete mode 100644 resources/v1.26.7/profiles/default.yaml delete mode 100644 resources/v1.26.7/profiles/demo.yaml delete mode 100644 resources/v1.26.7/profiles/empty.yaml delete mode 100644 resources/v1.26.7/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.7/profiles/openshift.yaml delete mode 100644 resources/v1.26.7/profiles/preview.yaml delete mode 100644 resources/v1.26.7/profiles/remote.yaml delete mode 100644 resources/v1.26.7/profiles/stable.yaml delete mode 100644 resources/v1.26.7/ztunnel-1.26.7.tgz.etag delete mode 100644 resources/v1.26.8/base-1.26.8.tgz.etag delete mode 100644 resources/v1.26.8/charts/base/Chart.yaml delete mode 100644 resources/v1.26.8/charts/base/README.md delete mode 100644 resources/v1.26.8/charts/base/files/profile-ambient.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-demo.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-preview.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-remote.yaml delete mode 100644 resources/v1.26.8/charts/base/files/profile-stable.yaml delete mode 100644 resources/v1.26.8/charts/base/templates/NOTES.txt delete mode 100644 resources/v1.26.8/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.8/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.8/charts/base/templates/reader-serviceaccount.yaml delete mode 100644 resources/v1.26.8/charts/base/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.8/charts/base/values.yaml delete mode 100644 resources/v1.26.8/charts/cni/Chart.yaml delete mode 100644 resources/v1.26.8/charts/cni/README.md delete mode 100644 resources/v1.26.8/charts/cni/files/profile-ambient.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-demo.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-preview.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-remote.yaml delete mode 100644 resources/v1.26.8/charts/cni/files/profile-stable.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/NOTES.txt delete mode 100644 resources/v1.26.8/charts/cni/templates/_helpers.tpl delete mode 100644 resources/v1.26.8/charts/cni/templates/clusterrole.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/configmap-cni.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/daemonset.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/network-attachment-definition.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/resourcequota.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.8/charts/cni/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.8/charts/cni/values.yaml delete mode 100644 resources/v1.26.8/charts/gateway/Chart.yaml delete mode 100644 resources/v1.26.8/charts/gateway/README.md delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-ambient.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-demo.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-preview.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-remote.yaml delete mode 100644 resources/v1.26.8/charts/gateway/files/profile-stable.yaml delete mode 100644 resources/v1.26.8/charts/gateway/templates/NOTES.txt delete mode 100644 resources/v1.26.8/charts/gateway/templates/_helpers.tpl delete mode 100644 resources/v1.26.8/charts/gateway/templates/deployment.yaml delete mode 100644 resources/v1.26.8/charts/gateway/templates/hpa.yaml delete mode 100644 resources/v1.26.8/charts/gateway/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.8/charts/gateway/templates/role.yaml delete mode 100644 resources/v1.26.8/charts/gateway/templates/service.yaml delete mode 100644 resources/v1.26.8/charts/gateway/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.8/charts/gateway/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.8/charts/gateway/values.schema.json delete mode 100644 resources/v1.26.8/charts/gateway/values.yaml delete mode 100644 resources/v1.26.8/charts/istiod/Chart.yaml delete mode 100644 resources/v1.26.8/charts/istiod/README.md delete mode 100644 resources/v1.26.8/charts/istiod/files/gateway-injection-template.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/grpc-agent.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/grpc-simple.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/injection-template.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/kube-gateway.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-ambient.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-demo.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-preview.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-remote.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/profile-stable.yaml delete mode 100644 resources/v1.26.8/charts/istiod/files/waypoint.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/NOTES.txt delete mode 100644 resources/v1.26.8/charts/istiod/templates/_helpers.tpl delete mode 100644 resources/v1.26.8/charts/istiod/templates/autoscale.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/clusterrole.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/clusterrolebinding.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/configmap-jwks.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/configmap-values.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/configmap.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/deployment.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/gateway-class-configmap.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/istiod-injector-configmap.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/mutatingwebhook.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/poddisruptionbudget.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/reader-clusterrole.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/reader-clusterrolebinding.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/remote-istiod-endpoints.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/remote-istiod-service.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/revision-tags.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/role.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/rolebinding.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/service.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/serviceaccount.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/validatingadmissionpolicy.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/validatingwebhookconfiguration.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/zzy_descope_legacy.yaml delete mode 100644 resources/v1.26.8/charts/istiod/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.8/charts/istiod/values.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/Chart.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-ambient.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-demo.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-preview.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-remote.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/files/profile-stable.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/templates/revision-tags.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.8/charts/revisiontags/values.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/Chart.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/README.md delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-ambient.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.23.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.24.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.25.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-demo.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-platform-gke.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-platform-k3d.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-platform-k3s.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-platform-microk8s.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-platform-minikube.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-platform-openshift.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-preview.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-remote.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/files/profile-stable.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/templates/NOTES.txt delete mode 100644 resources/v1.26.8/charts/ztunnel/templates/_helpers.tpl delete mode 100644 resources/v1.26.8/charts/ztunnel/templates/daemonset.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/templates/rbac.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/templates/resourcequota.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/templates/zzz_profile.yaml delete mode 100644 resources/v1.26.8/charts/ztunnel/values.yaml delete mode 100644 resources/v1.26.8/cni-1.26.8.tgz.etag delete mode 100644 resources/v1.26.8/commit delete mode 100644 resources/v1.26.8/gateway-1.26.8.tgz.etag delete mode 100644 resources/v1.26.8/istiod-1.26.8.tgz.etag delete mode 100644 resources/v1.26.8/profiles/ambient.yaml delete mode 100644 resources/v1.26.8/profiles/default.yaml delete mode 100644 resources/v1.26.8/profiles/demo.yaml delete mode 100644 resources/v1.26.8/profiles/empty.yaml delete mode 100644 resources/v1.26.8/profiles/openshift-ambient.yaml delete mode 100644 resources/v1.26.8/profiles/openshift.yaml delete mode 100644 resources/v1.26.8/profiles/preview.yaml delete mode 100644 resources/v1.26.8/profiles/remote.yaml delete mode 100644 resources/v1.26.8/profiles/stable.yaml delete mode 100644 resources/v1.26.8/ztunnel-1.26.8.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index fb47b4e62..d7addb3ac 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,8 +37,8 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.941c7435 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index a0ae4084a..545621811 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,8 +28,8 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.941c7435 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 1668abe87..0a763d52d 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,8 +30,8 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.941c7435 Version string `json:"version"` diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 8a32f8e07..7956144a9 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,8 +28,8 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.941c7435 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 73dbf7cf0..8a405f0bf 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,8 +29,8 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.8", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.7", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.26.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.941c7435 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index acd2d4757..82a83fae5 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-21T05:11:06Z" + createdAt: "2026-01-21T15:28:58Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: @@ -196,16 +196,6 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.8 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.7 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.6 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.5 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.4 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.3 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. @@ -245,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: @@ -260,15 +250,6 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.8 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.7 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.6 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.5 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.4 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.3 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: Namespace to which the Istio components should be installed. displayName: Namespace @@ -304,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: @@ -321,16 +302,6 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.8 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.7 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.6 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.5 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.4 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.3 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: |- @@ -388,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. displayName: Istio Version path: version x-descriptors: @@ -405,16 +376,6 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26-latest - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.8 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.7 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.6 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.5 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.4 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.3 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.2 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.1 - - urn:alm:descriptor:com.tectonic.ui:select:v1.26.0 - urn:alm:descriptor:com.tectonic.ui:select:master - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 - description: Namespace to which the Istio ztunnel component should be installed. @@ -443,16 +404,6 @@ spec: - v1.27.2 - v1.27.1 - v1.27.0 - - v1.26-latest - - v1.26.8 - - v1.26.7 - - v1.26.6 - - v1.26.5 - - v1.26.4 - - v1.26.3 - - v1.26.2 - - v1.26.1 - - v1.26.0 - master - v1.30-alpha.941c7435 @@ -812,42 +763,6 @@ spec: template: metadata: annotations: - images.v1_26_0.cni: gcr.io/istio-release/install-cni:1.26.0 - images.v1_26_0.istiod: gcr.io/istio-release/pilot:1.26.0 - images.v1_26_0.proxy: gcr.io/istio-release/proxyv2:1.26.0 - images.v1_26_0.ztunnel: gcr.io/istio-release/ztunnel:1.26.0 - images.v1_26_1.cni: gcr.io/istio-release/install-cni:1.26.1 - images.v1_26_1.istiod: gcr.io/istio-release/pilot:1.26.1 - images.v1_26_1.proxy: gcr.io/istio-release/proxyv2:1.26.1 - images.v1_26_1.ztunnel: gcr.io/istio-release/ztunnel:1.26.1 - images.v1_26_2.cni: gcr.io/istio-release/install-cni:1.26.2 - images.v1_26_2.istiod: gcr.io/istio-release/pilot:1.26.2 - images.v1_26_2.proxy: gcr.io/istio-release/proxyv2:1.26.2 - images.v1_26_2.ztunnel: gcr.io/istio-release/ztunnel:1.26.2 - images.v1_26_3.cni: gcr.io/istio-release/install-cni:1.26.3 - images.v1_26_3.istiod: gcr.io/istio-release/pilot:1.26.3 - images.v1_26_3.proxy: gcr.io/istio-release/proxyv2:1.26.3 - images.v1_26_3.ztunnel: gcr.io/istio-release/ztunnel:1.26.3 - images.v1_26_4.cni: gcr.io/istio-release/install-cni:1.26.4 - images.v1_26_4.istiod: gcr.io/istio-release/pilot:1.26.4 - images.v1_26_4.proxy: gcr.io/istio-release/proxyv2:1.26.4 - images.v1_26_4.ztunnel: gcr.io/istio-release/ztunnel:1.26.4 - images.v1_26_5.cni: gcr.io/istio-release/install-cni:1.26.5 - images.v1_26_5.istiod: gcr.io/istio-release/pilot:1.26.5 - images.v1_26_5.proxy: gcr.io/istio-release/proxyv2:1.26.5 - images.v1_26_5.ztunnel: gcr.io/istio-release/ztunnel:1.26.5 - images.v1_26_6.cni: gcr.io/istio-release/install-cni:1.26.6 - images.v1_26_6.istiod: gcr.io/istio-release/pilot:1.26.6 - images.v1_26_6.proxy: gcr.io/istio-release/proxyv2:1.26.6 - images.v1_26_6.ztunnel: gcr.io/istio-release/ztunnel:1.26.6 - images.v1_26_7.cni: gcr.io/istio-release/install-cni:1.26.7 - images.v1_26_7.istiod: gcr.io/istio-release/pilot:1.26.7 - images.v1_26_7.proxy: gcr.io/istio-release/proxyv2:1.26.7 - images.v1_26_7.ztunnel: gcr.io/istio-release/ztunnel:1.26.7 - images.v1_26_8.cni: gcr.io/istio-release/install-cni:1.26.8 - images.v1_26_8.istiod: gcr.io/istio-release/pilot:1.26.8 - images.v1_26_8.proxy: gcr.io/istio-release/proxyv2:1.26.8 - images.v1_26_8.ztunnel: gcr.io/istio-release/ztunnel:1.26.8 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 297b97f7b..b891e1dad 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 6f99cdf0d..bf3014b80 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. enum: - v1.28.3 - v1.28.2 diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index ab9e258a6..0c2657e30 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index a317c7a23..fcd40791e 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 3a96f2772..272167aaf 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index a2c0a92b4..7235069a5 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10116,7 +10116,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. enum: - v1.28.3 - v1.28.2 diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 01ac13220..96a23b982 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10190,7 +10190,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index b91b42588..c34a355c7 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. enum: - v1.28-latest - v1.28.3 diff --git a/chart/values.yaml b/chart/values.yaml index 05ee206ee..e5908e4dd 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,42 +42,6 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_26_8.ztunnel: gcr.io/istio-release/ztunnel:1.26.8 - images.v1_26_8.istiod: gcr.io/istio-release/pilot:1.26.8 - images.v1_26_8.proxy: gcr.io/istio-release/proxyv2:1.26.8 - images.v1_26_8.cni: gcr.io/istio-release/install-cni:1.26.8 - images.v1_26_7.ztunnel: gcr.io/istio-release/ztunnel:1.26.7 - images.v1_26_7.istiod: gcr.io/istio-release/pilot:1.26.7 - images.v1_26_7.proxy: gcr.io/istio-release/proxyv2:1.26.7 - images.v1_26_7.cni: gcr.io/istio-release/install-cni:1.26.7 - images.v1_26_6.ztunnel: gcr.io/istio-release/ztunnel:1.26.6 - images.v1_26_6.istiod: gcr.io/istio-release/pilot:1.26.6 - images.v1_26_6.proxy: gcr.io/istio-release/proxyv2:1.26.6 - images.v1_26_6.cni: gcr.io/istio-release/install-cni:1.26.6 - images.v1_26_5.ztunnel: gcr.io/istio-release/ztunnel:1.26.5 - images.v1_26_5.istiod: gcr.io/istio-release/pilot:1.26.5 - images.v1_26_5.proxy: gcr.io/istio-release/proxyv2:1.26.5 - images.v1_26_5.cni: gcr.io/istio-release/install-cni:1.26.5 - images.v1_26_4.ztunnel: gcr.io/istio-release/ztunnel:1.26.4 - images.v1_26_4.istiod: gcr.io/istio-release/pilot:1.26.4 - images.v1_26_4.proxy: gcr.io/istio-release/proxyv2:1.26.4 - images.v1_26_4.cni: gcr.io/istio-release/install-cni:1.26.4 - images.v1_26_3.ztunnel: gcr.io/istio-release/ztunnel:1.26.3 - images.v1_26_3.istiod: gcr.io/istio-release/pilot:1.26.3 - images.v1_26_3.proxy: gcr.io/istio-release/proxyv2:1.26.3 - images.v1_26_3.cni: gcr.io/istio-release/install-cni:1.26.3 - images.v1_26_2.ztunnel: gcr.io/istio-release/ztunnel:1.26.2 - images.v1_26_2.istiod: gcr.io/istio-release/pilot:1.26.2 - images.v1_26_2.proxy: gcr.io/istio-release/proxyv2:1.26.2 - images.v1_26_2.cni: gcr.io/istio-release/install-cni:1.26.2 - images.v1_26_1.ztunnel: gcr.io/istio-release/ztunnel:1.26.1 - images.v1_26_1.istiod: gcr.io/istio-release/pilot:1.26.1 - images.v1_26_1.proxy: gcr.io/istio-release/proxyv2:1.26.1 - images.v1_26_1.cni: gcr.io/istio-release/install-cni:1.26.1 - images.v1_26_0.ztunnel: gcr.io/istio-release/ztunnel:1.26.0 - images.v1_26_0.istiod: gcr.io/istio-release/pilot:1.26.0 - images.v1_26_0.proxy: gcr.io/istio-release/proxyv2:1.26.0 - images.v1_26_0.cni: gcr.io/istio-release/install-cni:1.26.0 images.v1_30-alpha_941c7435.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 images.v1_30-alpha_941c7435.istiod: gcr.io/istio-testing/pilot:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 images.v1_30-alpha_941c7435.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 @@ -109,16 +73,6 @@ csv: - v1.27.2 - v1.27.1 - v1.27.0 - - v1.26-latest - - v1.26.8 - - v1.26.7 - - v1.26.6 - - v1.26.5 - - v1.26.4 - - v1.26.3 - - v1.26.2 - - v1.26.1 - - v1.26.0 - master - v1.30-alpha.941c7435 diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 1d3b6ddec..a6f5d8879 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, v1.30-alpha.941c7435. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.941c7435] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3523,7 +3523,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3689,7 +3689,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.26-latest, v1.26.8, v1.26.7, v1.26.6, v1.26.5, v1.26.4, v1.26.3, v1.26.2, v1.26.1, v1.26.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 4161a8eac..bd768859a 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -121,96 +121,25 @@ versions: - https://istio-release.storage.googleapis.com/charts/ztunnel-1.27.0.tgz - name: v1.26-latest ref: v1.26.8 + eol: true - name: v1.26.8 - version: 1.26.8 - repo: https://github.com/istio/istio - commit: 1.26.8 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.8.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.8.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.8.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.8.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.8.tgz + eol: true - name: v1.26.7 - version: 1.26.7 - repo: https://github.com/istio/istio - commit: 1.26.7 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.7.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.7.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.7.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.7.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.7.tgz + eol: true - name: v1.26.6 - version: 1.26.6 - repo: https://github.com/istio/istio - commit: 1.26.6 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.6.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.6.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.6.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.6.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.6.tgz + eol: true - name: v1.26.5 - version: 1.26.5 - repo: https://github.com/istio/istio - commit: 1.26.5 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.5.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.5.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.5.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.5.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.5.tgz + eol: true - name: v1.26.4 - version: 1.26.4 - repo: https://github.com/istio/istio - commit: 1.26.4 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.4.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.4.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.4.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.4.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.4.tgz + eol: true - name: v1.26.3 - version: 1.26.3 - repo: https://github.com/istio/istio - commit: 1.26.3 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.3.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.3.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.3.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.3.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.3.tgz + eol: true - name: v1.26.2 - version: 1.26.2 - repo: https://github.com/istio/istio - commit: 1.26.2 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.2.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.2.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.2.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.2.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.2.tgz + eol: true - name: v1.26.1 - version: 1.26.1 - repo: https://github.com/istio/istio - commit: 1.26.1 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.1.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.1.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.1.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.1.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.1.tgz + eol: true - name: v1.26.0 - version: 1.26.0 - repo: https://github.com/istio/istio - commit: 1.26.0 - charts: - - https://istio-release.storage.googleapis.com/charts/base-1.26.0.tgz - - https://istio-release.storage.googleapis.com/charts/istiod-1.26.0.tgz - - https://istio-release.storage.googleapis.com/charts/gateway-1.26.0.tgz - - https://istio-release.storage.googleapis.com/charts/cni-1.26.0.tgz - - https://istio-release.storage.googleapis.com/charts/ztunnel-1.26.0.tgz + eol: true - name: v1.25-latest ref: v1.25.5 eol: true diff --git a/resources/v1.26.0/base-1.26.0.tgz.etag b/resources/v1.26.0/base-1.26.0.tgz.etag deleted file mode 100644 index 412b34df1..000000000 --- a/resources/v1.26.0/base-1.26.0.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5fb8fa4e0f0767141af4f44a806ad52e diff --git a/resources/v1.26.0/base-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag b/resources/v1.26.0/base-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag deleted file mode 100644 index a5e189f93..000000000 --- a/resources/v1.26.0/base-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -91cc53ece3058706e84f6b2c4a58e1a4 diff --git a/resources/v1.26.0/charts/base/Chart.yaml b/resources/v1.26.0/charts/base/Chart.yaml deleted file mode 100644 index b5f1602f4..000000000 --- a/resources/v1.26.0/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.0 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.0 diff --git a/resources/v1.26.0/charts/base/README.md b/resources/v1.26.0/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.0/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.0/charts/base/files/profile-ambient.yaml b/resources/v1.26.0/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.0/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.0/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/base/files/profile-demo.yaml b/resources/v1.26.0/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.0/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.0/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.0/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.0/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.0/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.0/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.0/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.0/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.0/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.0/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.0/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.0/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.0/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.0/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.0/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.0/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.0/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.0/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.0/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.0/charts/base/files/profile-preview.yaml b/resources/v1.26.0/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.0/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.0/charts/base/files/profile-remote.yaml b/resources/v1.26.0/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.0/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.0/charts/base/files/profile-stable.yaml b/resources/v1.26.0/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.0/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.0/charts/base/templates/NOTES.txt b/resources/v1.26.0/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.0/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.0/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.0/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.0/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.0/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.0/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.0/charts/base/templates/zzz_profile.yaml b/resources/v1.26.0/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.0/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.0/charts/base/values.yaml b/resources/v1.26.0/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.0/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.0/charts/cni/Chart.yaml b/resources/v1.26.0/charts/cni/Chart.yaml deleted file mode 100644 index 2b2411237..000000000 --- a/resources/v1.26.0/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.0 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.0 diff --git a/resources/v1.26.0/charts/cni/README.md b/resources/v1.26.0/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.0/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.0/charts/cni/files/profile-ambient.yaml b/resources/v1.26.0/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/cni/files/profile-demo.yaml b/resources/v1.26.0/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.0/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.0/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.0/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.0/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.0/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.0/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.0/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.0/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.0/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.0/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.0/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.0/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.0/charts/cni/files/profile-preview.yaml b/resources/v1.26.0/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.0/charts/cni/files/profile-remote.yaml b/resources/v1.26.0/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.0/charts/cni/files/profile-stable.yaml b/resources/v1.26.0/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.0/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.0/charts/cni/templates/NOTES.txt b/resources/v1.26.0/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.0/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.0/charts/cni/templates/_helpers.tpl b/resources/v1.26.0/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.0/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.0/charts/cni/templates/clusterrole.yaml b/resources/v1.26.0/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.0/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.0/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.0/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.0/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.0/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.0/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.0/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.0/charts/cni/templates/daemonset.yaml b/resources/v1.26.0/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.0/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.0/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.0/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.0/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.0/charts/cni/templates/resourcequota.yaml b/resources/v1.26.0/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.0/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.0/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.0/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.0/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.0/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.0/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.0/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.0/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.0/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.0/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.0/charts/cni/values.yaml b/resources/v1.26.0/charts/cni/values.yaml deleted file mode 100644 index 4a0d1c262..000000000 --- a/resources/v1.26.0/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.0 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.0/charts/gateway/Chart.yaml b/resources/v1.26.0/charts/gateway/Chart.yaml deleted file mode 100644 index 9f56dcf73..000000000 --- a/resources/v1.26.0/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.0 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.0 diff --git a/resources/v1.26.0/charts/gateway/README.md b/resources/v1.26.0/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.0/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.0/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.0/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/gateway/files/profile-demo.yaml b/resources/v1.26.0/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.0/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.0/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.0/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.0/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.0/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.0/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.0/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.0/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.0/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.0/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.0/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.0/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.0/charts/gateway/files/profile-preview.yaml b/resources/v1.26.0/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.0/charts/gateway/files/profile-remote.yaml b/resources/v1.26.0/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.0/charts/gateway/files/profile-stable.yaml b/resources/v1.26.0/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.0/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.0/charts/gateway/templates/NOTES.txt b/resources/v1.26.0/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.0/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.0/charts/gateway/templates/_helpers.tpl b/resources/v1.26.0/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.0/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/gateway/templates/deployment.yaml b/resources/v1.26.0/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.0/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.0/charts/gateway/templates/hpa.yaml b/resources/v1.26.0/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.0/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.0/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.0/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/gateway/templates/role.yaml b/resources/v1.26.0/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.0/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.0/charts/gateway/templates/service.yaml b/resources/v1.26.0/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.0/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.0/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.0/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.0/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.0/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.0/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.0/charts/gateway/values.schema.json b/resources/v1.26.0/charts/gateway/values.schema.json deleted file mode 100644 index 3fdaa2730..000000000 --- a/resources/v1.26.0/charts/gateway/values.schema.json +++ /dev/null @@ -1,330 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "properties": { - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - }, - "_internal_defaults_do_not_set": { - "type": "object" - } - }, - "additionalProperties": false - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.0/charts/gateway/values.yaml b/resources/v1.26.0/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.0/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.0/charts/istiod/Chart.yaml b/resources/v1.26.0/charts/istiod/Chart.yaml deleted file mode 100644 index b3ebd081a..000000000 --- a/resources/v1.26.0/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.0 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.0 diff --git a/resources/v1.26.0/charts/istiod/README.md b/resources/v1.26.0/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.0/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.0/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.0/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index fdeab1adb..000000000 --- a/resources/v1.26.0/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.0/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.0/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index 6f3315b35..000000000 --- a/resources/v1.26.0/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.0/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.0/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.0/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.0/charts/istiod/files/injection-template.yaml b/resources/v1.26.0/charts/istiod/files/injection-template.yaml deleted file mode 100644 index d8b96ffdc..000000000 --- a/resources/v1.26.0/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,530 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ .ProxyUID | default "1337" | quote }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsUser: {{ .ProxyUID | default "1337" }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.0/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.0/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.0/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.0/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.0/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/istiod/files/profile-demo.yaml b/resources/v1.26.0/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.0/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.0/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.0/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.0/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.0/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.0/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.0/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.0/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.0/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.0/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.0/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.0/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.0/charts/istiod/files/profile-preview.yaml b/resources/v1.26.0/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.0/charts/istiod/files/profile-remote.yaml b/resources/v1.26.0/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.0/charts/istiod/files/profile-stable.yaml b/resources/v1.26.0/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.0/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.0/charts/istiod/files/waypoint.yaml b/resources/v1.26.0/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.0/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.0/charts/istiod/templates/NOTES.txt b/resources/v1.26.0/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.0/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.0/charts/istiod/templates/_helpers.tpl b/resources/v1.26.0/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.0/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/autoscale.yaml b/resources/v1.26.0/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.0/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.0/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index f5157600e..000000000 --- a/resources/v1.26.0/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.0/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.0/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.0/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.0/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.0/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.0/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.0/charts/istiod/templates/configmap.yaml b/resources/v1.26.0/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.0/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/deployment.yaml b/resources/v1.26.0/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.0/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.0/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.0/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.0/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.0/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.0/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.0/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.0/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.0/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.0/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.0/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.0/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.0/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.0/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.0/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.0/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.0/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.0/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.0/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.0/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.0/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.0/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/role.yaml b/resources/v1.26.0/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.0/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.0/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.0/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/service.yaml b/resources/v1.26.0/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.0/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.0/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.0/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.0/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.0/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.0/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.0/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.0/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.0/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.0/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.0/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.0/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.0/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.0/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.0/charts/istiod/values.yaml b/resources/v1.26.0/charts/istiod/values.yaml deleted file mode 100644 index 1507ad2a1..000000000 --- a/resources/v1.26.0/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.0 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.0/charts/revisiontags/Chart.yaml b/resources/v1.26.0/charts/revisiontags/Chart.yaml deleted file mode 100644 index 2d44c056d..000000000 --- a/resources/v1.26.0/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.0 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.0/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.0/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.0/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.0/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.0/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.0/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.0/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.0/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.0/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.0/charts/revisiontags/values.yaml b/resources/v1.26.0/charts/revisiontags/values.yaml deleted file mode 100644 index 1507ad2a1..000000000 --- a/resources/v1.26.0/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.0 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.0/charts/ztunnel/Chart.yaml b/resources/v1.26.0/charts/ztunnel/Chart.yaml deleted file mode 100644 index d763cbbcf..000000000 --- a/resources/v1.26.0/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.0 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.0 diff --git a/resources/v1.26.0/charts/ztunnel/README.md b/resources/v1.26.0/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.0/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.0/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.0/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.0/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.0/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.0/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.0/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.0/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.0/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.0/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.0/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.0/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.0/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.0/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.0/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.0/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.0/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.0/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.0/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.0/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.0/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.0/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.0/charts/ztunnel/values.yaml b/resources/v1.26.0/charts/ztunnel/values.yaml deleted file mode 100644 index 33c9d83af..000000000 --- a/resources/v1.26.0/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.0 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.0/cni-1.26.0.tgz.etag b/resources/v1.26.0/cni-1.26.0.tgz.etag deleted file mode 100644 index 2940bb698..000000000 --- a/resources/v1.26.0/cni-1.26.0.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e7a58e6728de5f42b5391ec7bd7e56ab diff --git a/resources/v1.26.0/cni-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag b/resources/v1.26.0/cni-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag deleted file mode 100644 index 24bf50257..000000000 --- a/resources/v1.26.0/cni-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ecf3f5e34345742cdb30be6b84184238 diff --git a/resources/v1.26.0/commit b/resources/v1.26.0/commit deleted file mode 100644 index 5ff8c4f5d..000000000 --- a/resources/v1.26.0/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.0 diff --git a/resources/v1.26.0/gateway-1.26.0.tgz.etag b/resources/v1.26.0/gateway-1.26.0.tgz.etag deleted file mode 100644 index f28a63d9d..000000000 --- a/resources/v1.26.0/gateway-1.26.0.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -97edf9ae2171db934b6a4f7f6ef3aef6 diff --git a/resources/v1.26.0/gateway-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag b/resources/v1.26.0/gateway-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag deleted file mode 100644 index 38c49a3d0..000000000 --- a/resources/v1.26.0/gateway-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e0fd578cbbce63ce26f9636972240354 diff --git a/resources/v1.26.0/istiod-1.26.0.tgz.etag b/resources/v1.26.0/istiod-1.26.0.tgz.etag deleted file mode 100644 index 043b8a8e4..000000000 --- a/resources/v1.26.0/istiod-1.26.0.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -21b3c1c903f8181d04103ff1a51762d7 diff --git a/resources/v1.26.0/istiod-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag b/resources/v1.26.0/istiod-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag deleted file mode 100644 index 6163cdc78..000000000 --- a/resources/v1.26.0/istiod-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -91db9510a383b42e03217d5ce1c754d9 diff --git a/resources/v1.26.0/profiles/ambient.yaml b/resources/v1.26.0/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.0/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.0/profiles/default.yaml b/resources/v1.26.0/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.0/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.0/profiles/demo.yaml b/resources/v1.26.0/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.0/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.0/profiles/empty.yaml b/resources/v1.26.0/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.0/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.0/profiles/openshift-ambient.yaml b/resources/v1.26.0/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.0/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.0/profiles/openshift.yaml b/resources/v1.26.0/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.0/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.0/profiles/preview.yaml b/resources/v1.26.0/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.0/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.0/profiles/remote.yaml b/resources/v1.26.0/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.0/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.0/profiles/stable.yaml b/resources/v1.26.0/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.0/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.0/ztunnel-1.26.0.tgz.etag b/resources/v1.26.0/ztunnel-1.26.0.tgz.etag deleted file mode 100644 index 07ea384c9..000000000 --- a/resources/v1.26.0/ztunnel-1.26.0.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c06501f990c337f34410e5662b2ca6b9 diff --git a/resources/v1.26.0/ztunnel-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag b/resources/v1.26.0/ztunnel-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag deleted file mode 100644 index b9adaf0e5..000000000 --- a/resources/v1.26.0/ztunnel-1.27-alpha.f23c2f66bedef385e6f98904a001eebc9c4811ff.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -40fcc9dc5db6b733629d15742ee46b27 diff --git a/resources/v1.26.1/base-1.26.1.tgz.etag b/resources/v1.26.1/base-1.26.1.tgz.etag deleted file mode 100644 index 1d1672c16..000000000 --- a/resources/v1.26.1/base-1.26.1.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -87c2e78844289d11f821b7f480839ecc diff --git a/resources/v1.26.1/charts/base/Chart.yaml b/resources/v1.26.1/charts/base/Chart.yaml deleted file mode 100644 index 75dcdff34..000000000 --- a/resources/v1.26.1/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.1 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.1 diff --git a/resources/v1.26.1/charts/base/README.md b/resources/v1.26.1/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.1/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.1/charts/base/files/profile-ambient.yaml b/resources/v1.26.1/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.1/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.1/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/base/files/profile-demo.yaml b/resources/v1.26.1/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.1/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.1/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.1/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.1/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.1/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.1/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.1/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.1/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.1/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.1/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.1/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.1/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.1/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.1/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.1/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.1/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.1/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.1/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.1/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.1/charts/base/files/profile-preview.yaml b/resources/v1.26.1/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.1/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.1/charts/base/files/profile-remote.yaml b/resources/v1.26.1/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.1/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.1/charts/base/files/profile-stable.yaml b/resources/v1.26.1/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.1/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.1/charts/base/templates/NOTES.txt b/resources/v1.26.1/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.1/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.1/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.1/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.1/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.1/charts/base/templates/zzz_profile.yaml b/resources/v1.26.1/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.1/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.1/charts/base/values.yaml b/resources/v1.26.1/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.1/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.1/charts/cni/Chart.yaml b/resources/v1.26.1/charts/cni/Chart.yaml deleted file mode 100644 index 66570c3c1..000000000 --- a/resources/v1.26.1/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.1 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.1 diff --git a/resources/v1.26.1/charts/cni/README.md b/resources/v1.26.1/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.1/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.1/charts/cni/files/profile-ambient.yaml b/resources/v1.26.1/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/cni/files/profile-demo.yaml b/resources/v1.26.1/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.1/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.1/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.1/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.1/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.1/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.1/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.1/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.1/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.1/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.1/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.1/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.1/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.1/charts/cni/files/profile-preview.yaml b/resources/v1.26.1/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.1/charts/cni/files/profile-remote.yaml b/resources/v1.26.1/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.1/charts/cni/files/profile-stable.yaml b/resources/v1.26.1/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.1/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.1/charts/cni/templates/NOTES.txt b/resources/v1.26.1/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.1/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.1/charts/cni/templates/_helpers.tpl b/resources/v1.26.1/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.1/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.1/charts/cni/templates/clusterrole.yaml b/resources/v1.26.1/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.1/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.1/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.1/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.1/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.1/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.1/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.1/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.1/charts/cni/templates/daemonset.yaml b/resources/v1.26.1/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.1/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.1/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.1/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.1/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.1/charts/cni/templates/resourcequota.yaml b/resources/v1.26.1/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.1/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.1/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.1/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.1/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.1/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.1/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.1/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.1/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.1/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.1/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.1/charts/cni/values.yaml b/resources/v1.26.1/charts/cni/values.yaml deleted file mode 100644 index 995440123..000000000 --- a/resources/v1.26.1/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.1 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.1/charts/gateway/Chart.yaml b/resources/v1.26.1/charts/gateway/Chart.yaml deleted file mode 100644 index 23b199769..000000000 --- a/resources/v1.26.1/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.1 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.1 diff --git a/resources/v1.26.1/charts/gateway/README.md b/resources/v1.26.1/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.1/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.1/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.1/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/gateway/files/profile-demo.yaml b/resources/v1.26.1/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.1/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.1/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.1/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.1/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.1/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.1/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.1/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.1/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.1/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.1/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.1/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.1/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.1/charts/gateway/files/profile-preview.yaml b/resources/v1.26.1/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.1/charts/gateway/files/profile-remote.yaml b/resources/v1.26.1/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.1/charts/gateway/files/profile-stable.yaml b/resources/v1.26.1/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.1/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.1/charts/gateway/templates/NOTES.txt b/resources/v1.26.1/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.1/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.1/charts/gateway/templates/_helpers.tpl b/resources/v1.26.1/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.1/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/gateway/templates/deployment.yaml b/resources/v1.26.1/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.1/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.1/charts/gateway/templates/hpa.yaml b/resources/v1.26.1/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.1/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.1/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.1/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/gateway/templates/role.yaml b/resources/v1.26.1/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.1/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.1/charts/gateway/templates/service.yaml b/resources/v1.26.1/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.1/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.1/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.1/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.1/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.1/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.1/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.1/charts/gateway/values.schema.json b/resources/v1.26.1/charts/gateway/values.schema.json deleted file mode 100644 index 3fdaa2730..000000000 --- a/resources/v1.26.1/charts/gateway/values.schema.json +++ /dev/null @@ -1,330 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "properties": { - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - }, - "_internal_defaults_do_not_set": { - "type": "object" - } - }, - "additionalProperties": false - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.1/charts/gateway/values.yaml b/resources/v1.26.1/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.1/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.1/charts/istiod/Chart.yaml b/resources/v1.26.1/charts/istiod/Chart.yaml deleted file mode 100644 index fd94f0a1f..000000000 --- a/resources/v1.26.1/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.1 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.1 diff --git a/resources/v1.26.1/charts/istiod/README.md b/resources/v1.26.1/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.1/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.1/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.1/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index fdeab1adb..000000000 --- a/resources/v1.26.1/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.1/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.1/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index 6f3315b35..000000000 --- a/resources/v1.26.1/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.1/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.1/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.1/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.1/charts/istiod/files/injection-template.yaml b/resources/v1.26.1/charts/istiod/files/injection-template.yaml deleted file mode 100644 index d8b96ffdc..000000000 --- a/resources/v1.26.1/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,530 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ .ProxyUID | default "1337" | quote }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsUser: {{ .ProxyUID | default "1337" }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.1/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.1/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.1/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.1/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.1/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/istiod/files/profile-demo.yaml b/resources/v1.26.1/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.1/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.1/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.1/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.1/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.1/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.1/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.1/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.1/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.1/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.1/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.1/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.1/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.1/charts/istiod/files/profile-preview.yaml b/resources/v1.26.1/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.1/charts/istiod/files/profile-remote.yaml b/resources/v1.26.1/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.1/charts/istiod/files/profile-stable.yaml b/resources/v1.26.1/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.1/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.1/charts/istiod/files/waypoint.yaml b/resources/v1.26.1/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.1/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.1/charts/istiod/templates/NOTES.txt b/resources/v1.26.1/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.1/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.1/charts/istiod/templates/_helpers.tpl b/resources/v1.26.1/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.1/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/autoscale.yaml b/resources/v1.26.1/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.1/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.1/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index f5157600e..000000000 --- a/resources/v1.26.1/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.1/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.1/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.1/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.1/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.1/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.1/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.1/charts/istiod/templates/configmap.yaml b/resources/v1.26.1/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.1/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/deployment.yaml b/resources/v1.26.1/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.1/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.1/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.1/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.1/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.1/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.1/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.1/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.1/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.1/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.1/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.1/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.1/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.1/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.1/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.1/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.1/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.1/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.1/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.1/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.1/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.1/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.1/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/role.yaml b/resources/v1.26.1/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.1/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.1/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.1/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/service.yaml b/resources/v1.26.1/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.1/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.1/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.1/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.1/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.1/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.1/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.1/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.1/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.1/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.1/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.1/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.1/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.1/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.1/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.1/charts/istiod/values.yaml b/resources/v1.26.1/charts/istiod/values.yaml deleted file mode 100644 index 26e9a6161..000000000 --- a/resources/v1.26.1/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.1 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.1/charts/revisiontags/Chart.yaml b/resources/v1.26.1/charts/revisiontags/Chart.yaml deleted file mode 100644 index e1132f0c9..000000000 --- a/resources/v1.26.1/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.1 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.1/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.1/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.1/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.1/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.1/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.1/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.1/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.1/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.1/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.1/charts/revisiontags/values.yaml b/resources/v1.26.1/charts/revisiontags/values.yaml deleted file mode 100644 index 26e9a6161..000000000 --- a/resources/v1.26.1/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.1 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.1/charts/ztunnel/Chart.yaml b/resources/v1.26.1/charts/ztunnel/Chart.yaml deleted file mode 100644 index 8b477b07b..000000000 --- a/resources/v1.26.1/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.1 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.1 diff --git a/resources/v1.26.1/charts/ztunnel/README.md b/resources/v1.26.1/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.1/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.1/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.1/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.1/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.1/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.1/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.1/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.1/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.1/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.1/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.1/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.1/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.1/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.1/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.1/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.1/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.1/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.1/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.1/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.1/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.1/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.1/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.1/charts/ztunnel/values.yaml b/resources/v1.26.1/charts/ztunnel/values.yaml deleted file mode 100644 index 1b4bc2649..000000000 --- a/resources/v1.26.1/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.1 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.1/cni-1.26.1.tgz.etag b/resources/v1.26.1/cni-1.26.1.tgz.etag deleted file mode 100644 index 58fb81d69..000000000 --- a/resources/v1.26.1/cni-1.26.1.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -b368282dc9937bbb53abfe4fd6773d31 diff --git a/resources/v1.26.1/commit b/resources/v1.26.1/commit deleted file mode 100644 index dd43a143f..000000000 --- a/resources/v1.26.1/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.1 diff --git a/resources/v1.26.1/gateway-1.26.1.tgz.etag b/resources/v1.26.1/gateway-1.26.1.tgz.etag deleted file mode 100644 index a5d01e4be..000000000 --- a/resources/v1.26.1/gateway-1.26.1.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ca64d856f14a167134131f4b77c9e721 diff --git a/resources/v1.26.1/istiod-1.26.1.tgz.etag b/resources/v1.26.1/istiod-1.26.1.tgz.etag deleted file mode 100644 index 6e1e63ef2..000000000 --- a/resources/v1.26.1/istiod-1.26.1.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -009e19296fd4240900197ced8120a8d9 diff --git a/resources/v1.26.1/profiles/ambient.yaml b/resources/v1.26.1/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.1/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.1/profiles/default.yaml b/resources/v1.26.1/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.1/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.1/profiles/demo.yaml b/resources/v1.26.1/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.1/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.1/profiles/empty.yaml b/resources/v1.26.1/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.1/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.1/profiles/openshift-ambient.yaml b/resources/v1.26.1/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.1/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.1/profiles/openshift.yaml b/resources/v1.26.1/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.1/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.1/profiles/preview.yaml b/resources/v1.26.1/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.1/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.1/profiles/remote.yaml b/resources/v1.26.1/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.1/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.1/profiles/stable.yaml b/resources/v1.26.1/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.1/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.1/ztunnel-1.26.1.tgz.etag b/resources/v1.26.1/ztunnel-1.26.1.tgz.etag deleted file mode 100644 index 350ee60c0..000000000 --- a/resources/v1.26.1/ztunnel-1.26.1.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -aa522bf4a1e9c534278742aaeedcf471 diff --git a/resources/v1.26.2/base-1.26.2.tgz.etag b/resources/v1.26.2/base-1.26.2.tgz.etag deleted file mode 100644 index ad8d3463a..000000000 --- a/resources/v1.26.2/base-1.26.2.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -55c53e3010a844165bc1b0d2648338a7 diff --git a/resources/v1.26.2/charts/base/Chart.yaml b/resources/v1.26.2/charts/base/Chart.yaml deleted file mode 100644 index acc961e93..000000000 --- a/resources/v1.26.2/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.2 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.2 diff --git a/resources/v1.26.2/charts/base/README.md b/resources/v1.26.2/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.2/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.2/charts/base/files/profile-ambient.yaml b/resources/v1.26.2/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.2/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.2/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/base/files/profile-demo.yaml b/resources/v1.26.2/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.2/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.2/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.2/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.2/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.2/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.2/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.2/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.2/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.2/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.2/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.2/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.2/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.2/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.2/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.2/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.2/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.2/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.2/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.2/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.2/charts/base/files/profile-preview.yaml b/resources/v1.26.2/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.2/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.2/charts/base/files/profile-remote.yaml b/resources/v1.26.2/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.2/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.2/charts/base/files/profile-stable.yaml b/resources/v1.26.2/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.2/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.2/charts/base/templates/NOTES.txt b/resources/v1.26.2/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.2/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.2/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.2/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.2/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.2/charts/base/templates/zzz_profile.yaml b/resources/v1.26.2/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.2/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.2/charts/base/values.yaml b/resources/v1.26.2/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.2/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.2/charts/cni/Chart.yaml b/resources/v1.26.2/charts/cni/Chart.yaml deleted file mode 100644 index 72c52fc49..000000000 --- a/resources/v1.26.2/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.2 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.2 diff --git a/resources/v1.26.2/charts/cni/README.md b/resources/v1.26.2/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.2/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.2/charts/cni/files/profile-ambient.yaml b/resources/v1.26.2/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/cni/files/profile-demo.yaml b/resources/v1.26.2/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.2/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.2/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.2/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.2/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.2/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.2/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.2/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.2/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.2/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.2/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.2/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.2/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.2/charts/cni/files/profile-preview.yaml b/resources/v1.26.2/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.2/charts/cni/files/profile-remote.yaml b/resources/v1.26.2/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.2/charts/cni/files/profile-stable.yaml b/resources/v1.26.2/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.2/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.2/charts/cni/templates/NOTES.txt b/resources/v1.26.2/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.2/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.2/charts/cni/templates/_helpers.tpl b/resources/v1.26.2/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.2/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.2/charts/cni/templates/clusterrole.yaml b/resources/v1.26.2/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.2/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.2/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.2/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.2/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.2/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.2/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.2/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.2/charts/cni/templates/daemonset.yaml b/resources/v1.26.2/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.2/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.2/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.2/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.2/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.2/charts/cni/templates/resourcequota.yaml b/resources/v1.26.2/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.2/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.2/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.2/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.2/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.2/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.2/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.2/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.2/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.2/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.2/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.2/charts/cni/values.yaml b/resources/v1.26.2/charts/cni/values.yaml deleted file mode 100644 index d2507fbd5..000000000 --- a/resources/v1.26.2/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.2 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.2/charts/gateway/Chart.yaml b/resources/v1.26.2/charts/gateway/Chart.yaml deleted file mode 100644 index a9c5446a0..000000000 --- a/resources/v1.26.2/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.2 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.2 diff --git a/resources/v1.26.2/charts/gateway/README.md b/resources/v1.26.2/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.2/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.2/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.2/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/gateway/files/profile-demo.yaml b/resources/v1.26.2/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.2/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.2/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.2/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.2/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.2/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.2/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.2/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.2/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.2/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.2/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.2/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.2/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.2/charts/gateway/files/profile-preview.yaml b/resources/v1.26.2/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.2/charts/gateway/files/profile-remote.yaml b/resources/v1.26.2/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.2/charts/gateway/files/profile-stable.yaml b/resources/v1.26.2/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.2/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.2/charts/gateway/templates/NOTES.txt b/resources/v1.26.2/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.2/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.2/charts/gateway/templates/_helpers.tpl b/resources/v1.26.2/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.2/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/gateway/templates/deployment.yaml b/resources/v1.26.2/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.2/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.2/charts/gateway/templates/hpa.yaml b/resources/v1.26.2/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.2/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.2/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.2/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/gateway/templates/role.yaml b/resources/v1.26.2/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.2/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.2/charts/gateway/templates/service.yaml b/resources/v1.26.2/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.2/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.2/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.2/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.2/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.2/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.2/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.2/charts/gateway/values.schema.json b/resources/v1.26.2/charts/gateway/values.schema.json deleted file mode 100644 index 3fdaa2730..000000000 --- a/resources/v1.26.2/charts/gateway/values.schema.json +++ /dev/null @@ -1,330 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "properties": { - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - }, - "_internal_defaults_do_not_set": { - "type": "object" - } - }, - "additionalProperties": false - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.2/charts/gateway/values.yaml b/resources/v1.26.2/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.2/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.2/charts/istiod/Chart.yaml b/resources/v1.26.2/charts/istiod/Chart.yaml deleted file mode 100644 index 68663298a..000000000 --- a/resources/v1.26.2/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.2 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.2 diff --git a/resources/v1.26.2/charts/istiod/README.md b/resources/v1.26.2/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.2/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.2/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.2/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index fdeab1adb..000000000 --- a/resources/v1.26.2/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.2/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.2/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index 6f3315b35..000000000 --- a/resources/v1.26.2/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.2/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.2/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.2/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.2/charts/istiod/files/injection-template.yaml b/resources/v1.26.2/charts/istiod/files/injection-template.yaml deleted file mode 100644 index 1c13d94d6..000000000 --- a/resources/v1.26.2/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,532 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} - runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - {{ if or ($tproxy) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 1337 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.2/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.2/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.2/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.2/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.2/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/istiod/files/profile-demo.yaml b/resources/v1.26.2/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.2/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.2/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.2/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.2/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.2/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.2/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.2/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.2/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.2/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.2/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.2/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.2/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.2/charts/istiod/files/profile-preview.yaml b/resources/v1.26.2/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.2/charts/istiod/files/profile-remote.yaml b/resources/v1.26.2/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.2/charts/istiod/files/profile-stable.yaml b/resources/v1.26.2/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.2/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.2/charts/istiod/files/waypoint.yaml b/resources/v1.26.2/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.2/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.2/charts/istiod/templates/NOTES.txt b/resources/v1.26.2/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.2/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.2/charts/istiod/templates/_helpers.tpl b/resources/v1.26.2/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.2/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/autoscale.yaml b/resources/v1.26.2/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.2/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.2/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index f5157600e..000000000 --- a/resources/v1.26.2/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.2/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.2/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.2/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.2/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.2/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.2/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.2/charts/istiod/templates/configmap.yaml b/resources/v1.26.2/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.2/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/deployment.yaml b/resources/v1.26.2/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.2/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.2/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.2/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.2/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.2/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.2/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.2/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.2/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.2/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.2/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.2/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.2/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.2/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.2/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.2/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.2/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.2/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.2/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.2/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.2/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.2/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.2/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/role.yaml b/resources/v1.26.2/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.2/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.2/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.2/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/service.yaml b/resources/v1.26.2/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.2/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.2/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.2/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.2/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.2/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.2/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.2/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.2/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.2/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.2/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.2/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.2/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.2/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.2/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.2/charts/istiod/values.yaml b/resources/v1.26.2/charts/istiod/values.yaml deleted file mode 100644 index 1e5d15773..000000000 --- a/resources/v1.26.2/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.2 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.2/charts/revisiontags/Chart.yaml b/resources/v1.26.2/charts/revisiontags/Chart.yaml deleted file mode 100644 index 18f873799..000000000 --- a/resources/v1.26.2/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.2 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.2/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.2/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.2/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.2/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.2/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.2/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.2/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.2/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.2/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.2/charts/revisiontags/values.yaml b/resources/v1.26.2/charts/revisiontags/values.yaml deleted file mode 100644 index 1e5d15773..000000000 --- a/resources/v1.26.2/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.2 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.2/charts/ztunnel/Chart.yaml b/resources/v1.26.2/charts/ztunnel/Chart.yaml deleted file mode 100644 index c29b478eb..000000000 --- a/resources/v1.26.2/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.2 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.2 diff --git a/resources/v1.26.2/charts/ztunnel/README.md b/resources/v1.26.2/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.2/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.2/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.2/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.2/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.2/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.2/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.2/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.2/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.2/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.2/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.2/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.2/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.2/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.2/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.2/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.2/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.2/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.2/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.2/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.2/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.2/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.2/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.2/charts/ztunnel/values.yaml b/resources/v1.26.2/charts/ztunnel/values.yaml deleted file mode 100644 index 083ef99a4..000000000 --- a/resources/v1.26.2/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.2 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.2/cni-1.26.2.tgz.etag b/resources/v1.26.2/cni-1.26.2.tgz.etag deleted file mode 100644 index 9336f28ce..000000000 --- a/resources/v1.26.2/cni-1.26.2.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -6a1e3638459b0ccd728ccd1290ac4d08 diff --git a/resources/v1.26.2/commit b/resources/v1.26.2/commit deleted file mode 100644 index c7c3f3333..000000000 --- a/resources/v1.26.2/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.2 diff --git a/resources/v1.26.2/gateway-1.26.2.tgz.etag b/resources/v1.26.2/gateway-1.26.2.tgz.etag deleted file mode 100644 index ffabbd402..000000000 --- a/resources/v1.26.2/gateway-1.26.2.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5042518b301385c622777b6320af8353 diff --git a/resources/v1.26.2/istiod-1.26.2.tgz.etag b/resources/v1.26.2/istiod-1.26.2.tgz.etag deleted file mode 100644 index 3dd028a3b..000000000 --- a/resources/v1.26.2/istiod-1.26.2.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -d9164c8af092b8063dfdb906a04ea616 diff --git a/resources/v1.26.2/profiles/ambient.yaml b/resources/v1.26.2/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.2/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.2/profiles/default.yaml b/resources/v1.26.2/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.2/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.2/profiles/demo.yaml b/resources/v1.26.2/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.2/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.2/profiles/empty.yaml b/resources/v1.26.2/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.2/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.2/profiles/openshift-ambient.yaml b/resources/v1.26.2/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.2/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.2/profiles/openshift.yaml b/resources/v1.26.2/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.2/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.2/profiles/preview.yaml b/resources/v1.26.2/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.2/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.2/profiles/remote.yaml b/resources/v1.26.2/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.2/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.2/profiles/stable.yaml b/resources/v1.26.2/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.2/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.2/ztunnel-1.26.2.tgz.etag b/resources/v1.26.2/ztunnel-1.26.2.tgz.etag deleted file mode 100644 index fff63211f..000000000 --- a/resources/v1.26.2/ztunnel-1.26.2.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -282d12037814d741670f8086f58cafbd diff --git a/resources/v1.26.3/base-1.26.3.tgz.etag b/resources/v1.26.3/base-1.26.3.tgz.etag deleted file mode 100644 index 7d52316c5..000000000 --- a/resources/v1.26.3/base-1.26.3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -f52e18fdcdcb7b0596d98c37523854e7 diff --git a/resources/v1.26.3/charts/base/Chart.yaml b/resources/v1.26.3/charts/base/Chart.yaml deleted file mode 100644 index 40c008921..000000000 --- a/resources/v1.26.3/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.3 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.3 diff --git a/resources/v1.26.3/charts/base/README.md b/resources/v1.26.3/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.3/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.3/charts/base/files/profile-ambient.yaml b/resources/v1.26.3/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.3/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.3/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/base/files/profile-demo.yaml b/resources/v1.26.3/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.3/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.3/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.3/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.3/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.3/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.3/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.3/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.3/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.3/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.3/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.3/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.3/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.3/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.3/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.3/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.3/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.3/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.3/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.3/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.3/charts/base/files/profile-preview.yaml b/resources/v1.26.3/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.3/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.3/charts/base/files/profile-remote.yaml b/resources/v1.26.3/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.3/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.3/charts/base/files/profile-stable.yaml b/resources/v1.26.3/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.3/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.3/charts/base/templates/NOTES.txt b/resources/v1.26.3/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.3/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.3/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.3/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.3/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.3/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.3/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.3/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.3/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.3/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.3/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.3/charts/base/templates/zzz_profile.yaml b/resources/v1.26.3/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.3/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.3/charts/base/values.yaml b/resources/v1.26.3/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.3/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.3/charts/cni/Chart.yaml b/resources/v1.26.3/charts/cni/Chart.yaml deleted file mode 100644 index 8e4c5f64c..000000000 --- a/resources/v1.26.3/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.3 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.3 diff --git a/resources/v1.26.3/charts/cni/README.md b/resources/v1.26.3/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.3/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.3/charts/cni/files/profile-ambient.yaml b/resources/v1.26.3/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/cni/files/profile-demo.yaml b/resources/v1.26.3/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.3/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.3/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.3/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.3/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.3/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.3/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.3/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.3/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.3/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.3/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.3/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.3/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.3/charts/cni/files/profile-preview.yaml b/resources/v1.26.3/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.3/charts/cni/files/profile-remote.yaml b/resources/v1.26.3/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.3/charts/cni/files/profile-stable.yaml b/resources/v1.26.3/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.3/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.3/charts/cni/templates/NOTES.txt b/resources/v1.26.3/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.3/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.3/charts/cni/templates/_helpers.tpl b/resources/v1.26.3/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.3/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.3/charts/cni/templates/clusterrole.yaml b/resources/v1.26.3/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.3/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.3/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.3/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.3/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.3/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.3/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.3/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.3/charts/cni/templates/daemonset.yaml b/resources/v1.26.3/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.3/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.3/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.3/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.3/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.3/charts/cni/templates/resourcequota.yaml b/resources/v1.26.3/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.3/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.3/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.3/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.3/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.3/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.3/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.3/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.3/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.3/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.3/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.3/charts/cni/values.yaml b/resources/v1.26.3/charts/cni/values.yaml deleted file mode 100644 index 75e405a2b..000000000 --- a/resources/v1.26.3/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.3 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.3/charts/gateway/Chart.yaml b/resources/v1.26.3/charts/gateway/Chart.yaml deleted file mode 100644 index 688bcd659..000000000 --- a/resources/v1.26.3/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.3 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.3 diff --git a/resources/v1.26.3/charts/gateway/README.md b/resources/v1.26.3/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.3/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.3/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.3/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/gateway/files/profile-demo.yaml b/resources/v1.26.3/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.3/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.3/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.3/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.3/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.3/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.3/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.3/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.3/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.3/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.3/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.3/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.3/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.3/charts/gateway/files/profile-preview.yaml b/resources/v1.26.3/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.3/charts/gateway/files/profile-remote.yaml b/resources/v1.26.3/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.3/charts/gateway/files/profile-stable.yaml b/resources/v1.26.3/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.3/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.3/charts/gateway/templates/NOTES.txt b/resources/v1.26.3/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.3/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.3/charts/gateway/templates/_helpers.tpl b/resources/v1.26.3/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.3/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/gateway/templates/deployment.yaml b/resources/v1.26.3/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.3/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.3/charts/gateway/templates/hpa.yaml b/resources/v1.26.3/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.3/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.3/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.3/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/gateway/templates/role.yaml b/resources/v1.26.3/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.3/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.3/charts/gateway/templates/service.yaml b/resources/v1.26.3/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.3/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.3/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.3/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.3/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.3/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.3/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.3/charts/gateway/values.schema.json b/resources/v1.26.3/charts/gateway/values.schema.json deleted file mode 100644 index 3fdaa2730..000000000 --- a/resources/v1.26.3/charts/gateway/values.schema.json +++ /dev/null @@ -1,330 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "properties": { - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - }, - "_internal_defaults_do_not_set": { - "type": "object" - } - }, - "additionalProperties": false - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.3/charts/gateway/values.yaml b/resources/v1.26.3/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.3/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.3/charts/istiod/Chart.yaml b/resources/v1.26.3/charts/istiod/Chart.yaml deleted file mode 100644 index 2e6749b0d..000000000 --- a/resources/v1.26.3/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.3 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.3 diff --git a/resources/v1.26.3/charts/istiod/README.md b/resources/v1.26.3/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.3/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.3/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.3/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index 7d23f15f9..000000000 --- a/resources/v1.26.3/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.3/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.3/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index dda3aeaa9..000000000 --- a/resources/v1.26.3/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.3/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.3/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.3/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.3/charts/istiod/files/injection-template.yaml b/resources/v1.26.3/charts/istiod/files/injection-template.yaml deleted file mode 100644 index 657e5ee09..000000000 --- a/resources/v1.26.3/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,532 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} - runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - {{ if or ($tproxy) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 1337 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.3/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.3/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.3/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.3/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.3/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/istiod/files/profile-demo.yaml b/resources/v1.26.3/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.3/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.3/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.3/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.3/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.3/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.3/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.3/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.3/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.3/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.3/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.3/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.3/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.3/charts/istiod/files/profile-preview.yaml b/resources/v1.26.3/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.3/charts/istiod/files/profile-remote.yaml b/resources/v1.26.3/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.3/charts/istiod/files/profile-stable.yaml b/resources/v1.26.3/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.3/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.3/charts/istiod/files/waypoint.yaml b/resources/v1.26.3/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.3/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.3/charts/istiod/templates/NOTES.txt b/resources/v1.26.3/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.3/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.3/charts/istiod/templates/_helpers.tpl b/resources/v1.26.3/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.3/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/autoscale.yaml b/resources/v1.26.3/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.3/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.3/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index d4d79d00f..000000000 --- a/resources/v1.26.3/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete", "list", "watch", "get"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.3/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.3/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.3/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.3/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.3/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.3/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.3/charts/istiod/templates/configmap.yaml b/resources/v1.26.3/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.3/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/deployment.yaml b/resources/v1.26.3/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.3/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.3/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.3/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.3/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.3/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.3/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.3/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.3/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.3/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.3/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.3/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.3/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.3/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.3/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.3/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.3/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.3/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.3/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.3/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.3/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.3/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.3/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/role.yaml b/resources/v1.26.3/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.3/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.3/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.3/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/service.yaml b/resources/v1.26.3/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.3/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.3/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.3/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.3/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.3/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.3/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.3/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.3/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.3/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.3/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.3/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.3/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.3/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.3/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.3/charts/istiod/values.yaml b/resources/v1.26.3/charts/istiod/values.yaml deleted file mode 100644 index 0357641c1..000000000 --- a/resources/v1.26.3/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.3 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.3/charts/revisiontags/Chart.yaml b/resources/v1.26.3/charts/revisiontags/Chart.yaml deleted file mode 100644 index 93f38eebe..000000000 --- a/resources/v1.26.3/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.3 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.3/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.3/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.3/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.3/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.3/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.3/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.3/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.3/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.3/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.3/charts/revisiontags/values.yaml b/resources/v1.26.3/charts/revisiontags/values.yaml deleted file mode 100644 index 0357641c1..000000000 --- a/resources/v1.26.3/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.3 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.3/charts/ztunnel/Chart.yaml b/resources/v1.26.3/charts/ztunnel/Chart.yaml deleted file mode 100644 index 488c3f4aa..000000000 --- a/resources/v1.26.3/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.3 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.3 diff --git a/resources/v1.26.3/charts/ztunnel/README.md b/resources/v1.26.3/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.3/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.3/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.3/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.3/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.3/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.3/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.3/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.3/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.3/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.3/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.3/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.3/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.3/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.3/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.3/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.3/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.3/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.3/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.3/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.3/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.3/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.3/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.3/charts/ztunnel/values.yaml b/resources/v1.26.3/charts/ztunnel/values.yaml deleted file mode 100644 index 18ab47fd4..000000000 --- a/resources/v1.26.3/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.3 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.3/cni-1.26.3.tgz.etag b/resources/v1.26.3/cni-1.26.3.tgz.etag deleted file mode 100644 index 93d031561..000000000 --- a/resources/v1.26.3/cni-1.26.3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -7276c7e990fecebf64e82768de83515b diff --git a/resources/v1.26.3/commit b/resources/v1.26.3/commit deleted file mode 100644 index f8f738140..000000000 --- a/resources/v1.26.3/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.3 diff --git a/resources/v1.26.3/gateway-1.26.3.tgz.etag b/resources/v1.26.3/gateway-1.26.3.tgz.etag deleted file mode 100644 index 24768eb87..000000000 --- a/resources/v1.26.3/gateway-1.26.3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -9e16732209d0fabdd2fb5e06e145936b diff --git a/resources/v1.26.3/istiod-1.26.3.tgz.etag b/resources/v1.26.3/istiod-1.26.3.tgz.etag deleted file mode 100644 index ca347b1ab..000000000 --- a/resources/v1.26.3/istiod-1.26.3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c8477602b00277bca7a498821d678132 diff --git a/resources/v1.26.3/profiles/ambient.yaml b/resources/v1.26.3/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.3/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.3/profiles/default.yaml b/resources/v1.26.3/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.3/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.3/profiles/demo.yaml b/resources/v1.26.3/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.3/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.3/profiles/empty.yaml b/resources/v1.26.3/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.3/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.3/profiles/openshift-ambient.yaml b/resources/v1.26.3/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.3/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.3/profiles/openshift.yaml b/resources/v1.26.3/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.3/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.3/profiles/preview.yaml b/resources/v1.26.3/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.3/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.3/profiles/remote.yaml b/resources/v1.26.3/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.3/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.3/profiles/stable.yaml b/resources/v1.26.3/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.3/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.3/ztunnel-1.26.3.tgz.etag b/resources/v1.26.3/ztunnel-1.26.3.tgz.etag deleted file mode 100644 index 3507bebb0..000000000 --- a/resources/v1.26.3/ztunnel-1.26.3.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4c13ab04680542117349cb31ce55e2d8 diff --git a/resources/v1.26.4/base-1.26.4.tgz.etag b/resources/v1.26.4/base-1.26.4.tgz.etag deleted file mode 100644 index f84d5674d..000000000 --- a/resources/v1.26.4/base-1.26.4.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4fb7c799700054cda9126aba2fc0da17 diff --git a/resources/v1.26.4/charts/base/Chart.yaml b/resources/v1.26.4/charts/base/Chart.yaml deleted file mode 100644 index a816e88a0..000000000 --- a/resources/v1.26.4/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.4 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.4 diff --git a/resources/v1.26.4/charts/base/README.md b/resources/v1.26.4/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.4/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.4/charts/base/files/profile-ambient.yaml b/resources/v1.26.4/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.4/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.4/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/base/files/profile-demo.yaml b/resources/v1.26.4/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.4/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.4/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.4/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.4/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.4/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.4/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.4/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.4/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.4/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.4/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.4/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.4/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.4/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.4/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.4/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.4/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.4/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.4/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.4/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.4/charts/base/files/profile-preview.yaml b/resources/v1.26.4/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.4/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.4/charts/base/files/profile-remote.yaml b/resources/v1.26.4/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.4/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.4/charts/base/files/profile-stable.yaml b/resources/v1.26.4/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.4/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.4/charts/base/templates/NOTES.txt b/resources/v1.26.4/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.4/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.4/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.4/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.4/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.4/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.4/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.4/charts/base/templates/zzz_profile.yaml b/resources/v1.26.4/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.4/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.4/charts/base/values.yaml b/resources/v1.26.4/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.4/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.4/charts/cni/Chart.yaml b/resources/v1.26.4/charts/cni/Chart.yaml deleted file mode 100644 index 97d726e84..000000000 --- a/resources/v1.26.4/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.4 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.4 diff --git a/resources/v1.26.4/charts/cni/README.md b/resources/v1.26.4/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.4/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.4/charts/cni/files/profile-ambient.yaml b/resources/v1.26.4/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/cni/files/profile-demo.yaml b/resources/v1.26.4/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.4/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.4/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.4/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.4/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.4/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.4/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.4/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.4/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.4/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.4/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.4/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.4/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.4/charts/cni/files/profile-preview.yaml b/resources/v1.26.4/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.4/charts/cni/files/profile-remote.yaml b/resources/v1.26.4/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.4/charts/cni/files/profile-stable.yaml b/resources/v1.26.4/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.4/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.4/charts/cni/templates/NOTES.txt b/resources/v1.26.4/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.4/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.4/charts/cni/templates/_helpers.tpl b/resources/v1.26.4/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.4/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.4/charts/cni/templates/clusterrole.yaml b/resources/v1.26.4/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.4/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.4/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.4/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.4/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.4/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.4/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.4/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.4/charts/cni/templates/daemonset.yaml b/resources/v1.26.4/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.4/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.4/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.4/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.4/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.4/charts/cni/templates/resourcequota.yaml b/resources/v1.26.4/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.4/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.4/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.4/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.4/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.4/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.4/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.4/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.4/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.4/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.4/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.4/charts/cni/values.yaml b/resources/v1.26.4/charts/cni/values.yaml deleted file mode 100644 index e05e90fcd..000000000 --- a/resources/v1.26.4/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.4 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.4/charts/gateway/Chart.yaml b/resources/v1.26.4/charts/gateway/Chart.yaml deleted file mode 100644 index 847bd28fd..000000000 --- a/resources/v1.26.4/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.4 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.4 diff --git a/resources/v1.26.4/charts/gateway/README.md b/resources/v1.26.4/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.4/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.4/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.4/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/gateway/files/profile-demo.yaml b/resources/v1.26.4/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.4/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.4/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.4/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.4/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.4/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.4/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.4/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.4/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.4/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.4/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.4/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.4/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.4/charts/gateway/files/profile-preview.yaml b/resources/v1.26.4/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.4/charts/gateway/files/profile-remote.yaml b/resources/v1.26.4/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.4/charts/gateway/files/profile-stable.yaml b/resources/v1.26.4/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.4/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.4/charts/gateway/templates/NOTES.txt b/resources/v1.26.4/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.4/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.4/charts/gateway/templates/_helpers.tpl b/resources/v1.26.4/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.4/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/gateway/templates/deployment.yaml b/resources/v1.26.4/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.4/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.4/charts/gateway/templates/hpa.yaml b/resources/v1.26.4/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.4/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.4/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.4/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/gateway/templates/role.yaml b/resources/v1.26.4/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.4/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.4/charts/gateway/templates/service.yaml b/resources/v1.26.4/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.4/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.4/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.4/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.4/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.4/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.4/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.4/charts/gateway/values.schema.json b/resources/v1.26.4/charts/gateway/values.schema.json deleted file mode 100644 index d81fcffaa..000000000 --- a/resources/v1.26.4/charts/gateway/values.schema.json +++ /dev/null @@ -1,368 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "additionalProperties": false, - "properties": { - "_internal_defaults_do_not_set": { - "type": "object" - }, - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "envVarFrom": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "valueFrom": { - "type": "object" - } - } - } - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "defaultRevision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "profile": { - "type": "string" - }, - "platform": { - "type": "string" - }, - "pilot": { - "type": "object" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "initContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "additionalContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - } - } - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.4/charts/gateway/values.yaml b/resources/v1.26.4/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.4/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.4/charts/istiod/Chart.yaml b/resources/v1.26.4/charts/istiod/Chart.yaml deleted file mode 100644 index 93d19507e..000000000 --- a/resources/v1.26.4/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.4 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.4 diff --git a/resources/v1.26.4/charts/istiod/README.md b/resources/v1.26.4/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.4/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.4/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.4/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index 7d23f15f9..000000000 --- a/resources/v1.26.4/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.4/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.4/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index dda3aeaa9..000000000 --- a/resources/v1.26.4/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.4/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.4/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.4/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.4/charts/istiod/files/injection-template.yaml b/resources/v1.26.4/charts/istiod/files/injection-template.yaml deleted file mode 100644 index 657e5ee09..000000000 --- a/resources/v1.26.4/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,532 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} - runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - {{ if or ($tproxy) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 1337 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.4/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.4/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.4/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.4/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.4/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/istiod/files/profile-demo.yaml b/resources/v1.26.4/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.4/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.4/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.4/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.4/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.4/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.4/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.4/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.4/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.4/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.4/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.4/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.4/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.4/charts/istiod/files/profile-preview.yaml b/resources/v1.26.4/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.4/charts/istiod/files/profile-remote.yaml b/resources/v1.26.4/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.4/charts/istiod/files/profile-stable.yaml b/resources/v1.26.4/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.4/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.4/charts/istiod/files/waypoint.yaml b/resources/v1.26.4/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.4/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.4/charts/istiod/templates/NOTES.txt b/resources/v1.26.4/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.4/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.4/charts/istiod/templates/_helpers.tpl b/resources/v1.26.4/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.4/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/autoscale.yaml b/resources/v1.26.4/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.4/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.4/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index d4d79d00f..000000000 --- a/resources/v1.26.4/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete", "list", "watch", "get"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.4/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.4/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.4/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.4/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.4/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.4/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.4/charts/istiod/templates/configmap.yaml b/resources/v1.26.4/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.4/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/deployment.yaml b/resources/v1.26.4/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.4/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.4/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.4/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.4/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.4/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.4/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.4/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.4/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.4/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.4/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.4/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.4/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.4/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.4/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.4/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.4/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.4/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.4/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.4/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.4/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.4/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.4/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/role.yaml b/resources/v1.26.4/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.4/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.4/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.4/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/service.yaml b/resources/v1.26.4/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.4/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.4/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.4/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.4/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.4/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.4/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.4/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.4/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.4/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.4/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.4/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.4/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.4/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.4/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.4/charts/istiod/values.yaml b/resources/v1.26.4/charts/istiod/values.yaml deleted file mode 100644 index 970a4c6e0..000000000 --- a/resources/v1.26.4/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.4 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.4/charts/revisiontags/Chart.yaml b/resources/v1.26.4/charts/revisiontags/Chart.yaml deleted file mode 100644 index 1b770dc9f..000000000 --- a/resources/v1.26.4/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.4 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.4/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.4/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.4/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.4/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.4/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.4/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.4/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.4/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.4/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.4/charts/revisiontags/values.yaml b/resources/v1.26.4/charts/revisiontags/values.yaml deleted file mode 100644 index 970a4c6e0..000000000 --- a/resources/v1.26.4/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.4 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.4/charts/ztunnel/Chart.yaml b/resources/v1.26.4/charts/ztunnel/Chart.yaml deleted file mode 100644 index b8f225ccf..000000000 --- a/resources/v1.26.4/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.4 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.4 diff --git a/resources/v1.26.4/charts/ztunnel/README.md b/resources/v1.26.4/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.4/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.4/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.4/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.4/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.4/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.4/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.4/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.4/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.4/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.4/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.4/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.4/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.4/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.4/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.4/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.4/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.4/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.4/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.4/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.4/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.4/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.4/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.4/charts/ztunnel/values.yaml b/resources/v1.26.4/charts/ztunnel/values.yaml deleted file mode 100644 index 5709d3745..000000000 --- a/resources/v1.26.4/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.4 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.4/cni-1.26.4.tgz.etag b/resources/v1.26.4/cni-1.26.4.tgz.etag deleted file mode 100644 index 8fdd04c70..000000000 --- a/resources/v1.26.4/cni-1.26.4.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -842b317483c74cfbfe89dccef35fc7e3 diff --git a/resources/v1.26.4/commit b/resources/v1.26.4/commit deleted file mode 100644 index ea0928ced..000000000 --- a/resources/v1.26.4/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.4 diff --git a/resources/v1.26.4/gateway-1.26.4.tgz.etag b/resources/v1.26.4/gateway-1.26.4.tgz.etag deleted file mode 100644 index 8e293eaaa..000000000 --- a/resources/v1.26.4/gateway-1.26.4.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -3122660b2d9f8221da75d09243ab51b5 diff --git a/resources/v1.26.4/istiod-1.26.4.tgz.etag b/resources/v1.26.4/istiod-1.26.4.tgz.etag deleted file mode 100644 index 8f77457cf..000000000 --- a/resources/v1.26.4/istiod-1.26.4.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -19cc73d37315acd67de4fb3f2fc9268c diff --git a/resources/v1.26.4/profiles/ambient.yaml b/resources/v1.26.4/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.4/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.4/profiles/default.yaml b/resources/v1.26.4/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.4/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.4/profiles/demo.yaml b/resources/v1.26.4/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.4/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.4/profiles/empty.yaml b/resources/v1.26.4/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.4/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.4/profiles/openshift-ambient.yaml b/resources/v1.26.4/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.4/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.4/profiles/openshift.yaml b/resources/v1.26.4/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.4/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.4/profiles/preview.yaml b/resources/v1.26.4/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.4/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.4/profiles/remote.yaml b/resources/v1.26.4/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.4/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.4/profiles/stable.yaml b/resources/v1.26.4/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.4/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.4/ztunnel-1.26.4.tgz.etag b/resources/v1.26.4/ztunnel-1.26.4.tgz.etag deleted file mode 100644 index 2fd9b028e..000000000 --- a/resources/v1.26.4/ztunnel-1.26.4.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4814808cb691a6400d9d4593f84f6c93 diff --git a/resources/v1.26.5/base-1.26.5.tgz.etag b/resources/v1.26.5/base-1.26.5.tgz.etag deleted file mode 100644 index 6bc870cf4..000000000 --- a/resources/v1.26.5/base-1.26.5.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e77f6c5082814d6a622ac83c01dc0b4f diff --git a/resources/v1.26.5/charts/base/Chart.yaml b/resources/v1.26.5/charts/base/Chart.yaml deleted file mode 100644 index b642690bd..000000000 --- a/resources/v1.26.5/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.5 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.5 diff --git a/resources/v1.26.5/charts/base/README.md b/resources/v1.26.5/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.5/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.5/charts/base/files/profile-ambient.yaml b/resources/v1.26.5/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.5/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.5/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/base/files/profile-demo.yaml b/resources/v1.26.5/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.5/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.5/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.5/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.5/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.5/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.5/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.5/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.5/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.5/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.5/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.5/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.5/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.5/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.5/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.5/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.5/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.5/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.5/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.5/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.5/charts/base/files/profile-preview.yaml b/resources/v1.26.5/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.5/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.5/charts/base/files/profile-remote.yaml b/resources/v1.26.5/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.5/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.5/charts/base/files/profile-stable.yaml b/resources/v1.26.5/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.5/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.5/charts/base/templates/NOTES.txt b/resources/v1.26.5/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.5/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.5/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.5/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.5/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.5/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.5/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.5/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.5/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.5/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.5/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.5/charts/base/templates/zzz_profile.yaml b/resources/v1.26.5/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.5/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.5/charts/base/values.yaml b/resources/v1.26.5/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.5/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.5/charts/cni/Chart.yaml b/resources/v1.26.5/charts/cni/Chart.yaml deleted file mode 100644 index f610e99a8..000000000 --- a/resources/v1.26.5/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.5 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.5 diff --git a/resources/v1.26.5/charts/cni/README.md b/resources/v1.26.5/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.5/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.5/charts/cni/files/profile-ambient.yaml b/resources/v1.26.5/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/cni/files/profile-demo.yaml b/resources/v1.26.5/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.5/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.5/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.5/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.5/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.5/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.5/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.5/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.5/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.5/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.5/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.5/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.5/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.5/charts/cni/files/profile-preview.yaml b/resources/v1.26.5/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.5/charts/cni/files/profile-remote.yaml b/resources/v1.26.5/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.5/charts/cni/files/profile-stable.yaml b/resources/v1.26.5/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.5/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.5/charts/cni/templates/NOTES.txt b/resources/v1.26.5/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.5/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.5/charts/cni/templates/_helpers.tpl b/resources/v1.26.5/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.5/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.5/charts/cni/templates/clusterrole.yaml b/resources/v1.26.5/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.5/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.5/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.5/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.5/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.5/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.5/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.5/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.5/charts/cni/templates/daemonset.yaml b/resources/v1.26.5/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.5/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.5/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.5/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.5/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.5/charts/cni/templates/resourcequota.yaml b/resources/v1.26.5/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.5/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.5/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.5/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.5/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.5/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.5/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.5/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.5/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.5/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.5/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.5/charts/cni/values.yaml b/resources/v1.26.5/charts/cni/values.yaml deleted file mode 100644 index b81de1ece..000000000 --- a/resources/v1.26.5/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.5 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.5/charts/gateway/Chart.yaml b/resources/v1.26.5/charts/gateway/Chart.yaml deleted file mode 100644 index e7b199452..000000000 --- a/resources/v1.26.5/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.5 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.5 diff --git a/resources/v1.26.5/charts/gateway/README.md b/resources/v1.26.5/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.5/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.5/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.5/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/gateway/files/profile-demo.yaml b/resources/v1.26.5/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.5/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.5/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.5/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.5/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.5/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.5/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.5/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.5/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.5/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.5/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.5/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.5/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.5/charts/gateway/files/profile-preview.yaml b/resources/v1.26.5/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.5/charts/gateway/files/profile-remote.yaml b/resources/v1.26.5/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.5/charts/gateway/files/profile-stable.yaml b/resources/v1.26.5/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.5/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.5/charts/gateway/templates/NOTES.txt b/resources/v1.26.5/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.5/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.5/charts/gateway/templates/_helpers.tpl b/resources/v1.26.5/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.5/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/gateway/templates/deployment.yaml b/resources/v1.26.5/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.5/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.5/charts/gateway/templates/hpa.yaml b/resources/v1.26.5/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.5/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.5/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.5/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/gateway/templates/role.yaml b/resources/v1.26.5/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.5/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.5/charts/gateway/templates/service.yaml b/resources/v1.26.5/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.5/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.5/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.5/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.5/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.5/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.5/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.5/charts/gateway/values.schema.json b/resources/v1.26.5/charts/gateway/values.schema.json deleted file mode 100644 index d81fcffaa..000000000 --- a/resources/v1.26.5/charts/gateway/values.schema.json +++ /dev/null @@ -1,368 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "additionalProperties": false, - "properties": { - "_internal_defaults_do_not_set": { - "type": "object" - }, - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "envVarFrom": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "valueFrom": { - "type": "object" - } - } - } - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "defaultRevision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "profile": { - "type": "string" - }, - "platform": { - "type": "string" - }, - "pilot": { - "type": "object" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "initContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "additionalContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - } - } - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.5/charts/gateway/values.yaml b/resources/v1.26.5/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.5/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.5/charts/istiod/Chart.yaml b/resources/v1.26.5/charts/istiod/Chart.yaml deleted file mode 100644 index ac74a46d4..000000000 --- a/resources/v1.26.5/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.5 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.5 diff --git a/resources/v1.26.5/charts/istiod/README.md b/resources/v1.26.5/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.5/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.5/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.5/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index 7d23f15f9..000000000 --- a/resources/v1.26.5/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.5/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.5/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index dda3aeaa9..000000000 --- a/resources/v1.26.5/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.5/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.5/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.5/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.5/charts/istiod/files/injection-template.yaml b/resources/v1.26.5/charts/istiod/files/injection-template.yaml deleted file mode 100644 index bfd922b04..000000000 --- a/resources/v1.26.5/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,531 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} - runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - {{ if or ($tproxy) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 1337 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.5/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.5/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.5/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.5/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.5/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/istiod/files/profile-demo.yaml b/resources/v1.26.5/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.5/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.5/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.5/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.5/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.5/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.5/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.5/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.5/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.5/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.5/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.5/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.5/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.5/charts/istiod/files/profile-preview.yaml b/resources/v1.26.5/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.5/charts/istiod/files/profile-remote.yaml b/resources/v1.26.5/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.5/charts/istiod/files/profile-stable.yaml b/resources/v1.26.5/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.5/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.5/charts/istiod/files/waypoint.yaml b/resources/v1.26.5/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.5/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.5/charts/istiod/templates/NOTES.txt b/resources/v1.26.5/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.5/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.5/charts/istiod/templates/_helpers.tpl b/resources/v1.26.5/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.5/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/autoscale.yaml b/resources/v1.26.5/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.5/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.5/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index d4d79d00f..000000000 --- a/resources/v1.26.5/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete", "list", "watch", "get"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.5/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.5/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.5/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.5/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.5/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.5/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.5/charts/istiod/templates/configmap.yaml b/resources/v1.26.5/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.5/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/deployment.yaml b/resources/v1.26.5/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.5/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.5/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.5/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.5/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.5/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.5/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.5/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.5/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.5/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.5/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.5/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.5/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.5/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.5/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.5/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.5/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.5/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.5/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.5/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.5/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.5/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.5/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/role.yaml b/resources/v1.26.5/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.5/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.5/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.5/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/service.yaml b/resources/v1.26.5/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.5/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.5/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.5/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.5/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.5/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.5/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.5/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.5/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.5/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.5/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.5/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.5/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.5/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.5/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.5/charts/istiod/values.yaml b/resources/v1.26.5/charts/istiod/values.yaml deleted file mode 100644 index d920010ec..000000000 --- a/resources/v1.26.5/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.5 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.5/charts/revisiontags/Chart.yaml b/resources/v1.26.5/charts/revisiontags/Chart.yaml deleted file mode 100644 index 79521f5b3..000000000 --- a/resources/v1.26.5/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.5 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.5/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.5/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.5/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.5/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.5/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.5/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.5/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.5/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.5/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.5/charts/revisiontags/values.yaml b/resources/v1.26.5/charts/revisiontags/values.yaml deleted file mode 100644 index d920010ec..000000000 --- a/resources/v1.26.5/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.5 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.5/charts/ztunnel/Chart.yaml b/resources/v1.26.5/charts/ztunnel/Chart.yaml deleted file mode 100644 index e88d7c36c..000000000 --- a/resources/v1.26.5/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.5 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.5 diff --git a/resources/v1.26.5/charts/ztunnel/README.md b/resources/v1.26.5/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.5/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.5/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.5/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.5/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.5/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.5/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.5/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.5/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.5/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.5/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.5/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.5/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.5/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.5/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.5/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.5/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.5/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.5/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.5/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.5/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.5/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.5/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.5/charts/ztunnel/values.yaml b/resources/v1.26.5/charts/ztunnel/values.yaml deleted file mode 100644 index 10b86fe72..000000000 --- a/resources/v1.26.5/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.5 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.5/cni-1.26.5.tgz.etag b/resources/v1.26.5/cni-1.26.5.tgz.etag deleted file mode 100644 index ca9ea4df2..000000000 --- a/resources/v1.26.5/cni-1.26.5.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -2380f90e769c09ac48696d669f5faf9b diff --git a/resources/v1.26.5/commit b/resources/v1.26.5/commit deleted file mode 100644 index 8fe00a57f..000000000 --- a/resources/v1.26.5/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.5 diff --git a/resources/v1.26.5/gateway-1.26.5.tgz.etag b/resources/v1.26.5/gateway-1.26.5.tgz.etag deleted file mode 100644 index 64a5a87a1..000000000 --- a/resources/v1.26.5/gateway-1.26.5.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -8408b19fb295e218beeb16e15fd9860a diff --git a/resources/v1.26.5/istiod-1.26.5.tgz.etag b/resources/v1.26.5/istiod-1.26.5.tgz.etag deleted file mode 100644 index 310bd18dc..000000000 --- a/resources/v1.26.5/istiod-1.26.5.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -055c1de6a6f1e674051456be9525e7fe diff --git a/resources/v1.26.5/profiles/ambient.yaml b/resources/v1.26.5/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.5/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.5/profiles/default.yaml b/resources/v1.26.5/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.5/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.5/profiles/demo.yaml b/resources/v1.26.5/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.5/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.5/profiles/empty.yaml b/resources/v1.26.5/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.5/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.5/profiles/openshift-ambient.yaml b/resources/v1.26.5/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.5/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.5/profiles/openshift.yaml b/resources/v1.26.5/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.5/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.5/profiles/preview.yaml b/resources/v1.26.5/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.5/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.5/profiles/remote.yaml b/resources/v1.26.5/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.5/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.5/profiles/stable.yaml b/resources/v1.26.5/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.5/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.5/ztunnel-1.26.5.tgz.etag b/resources/v1.26.5/ztunnel-1.26.5.tgz.etag deleted file mode 100644 index 37d19e1bb..000000000 --- a/resources/v1.26.5/ztunnel-1.26.5.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -03e45a84d653c2a3d804043379438f07 diff --git a/resources/v1.26.6/base-1.26.6.tgz.etag b/resources/v1.26.6/base-1.26.6.tgz.etag deleted file mode 100644 index 39e2e584a..000000000 --- a/resources/v1.26.6/base-1.26.6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e07791e14063cfedd0ee61203d6406ec diff --git a/resources/v1.26.6/charts/base/Chart.yaml b/resources/v1.26.6/charts/base/Chart.yaml deleted file mode 100644 index ea428a19c..000000000 --- a/resources/v1.26.6/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.6 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.6 diff --git a/resources/v1.26.6/charts/base/README.md b/resources/v1.26.6/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.6/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.6/charts/base/files/profile-ambient.yaml b/resources/v1.26.6/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.6/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.6/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/base/files/profile-demo.yaml b/resources/v1.26.6/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.6/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.6/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.6/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.6/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.6/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.6/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.6/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.6/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.6/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.6/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.6/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.6/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.6/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.6/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.6/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.6/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.6/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.6/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.6/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.6/charts/base/files/profile-preview.yaml b/resources/v1.26.6/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.6/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.6/charts/base/files/profile-remote.yaml b/resources/v1.26.6/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.6/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.6/charts/base/files/profile-stable.yaml b/resources/v1.26.6/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.6/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.6/charts/base/templates/NOTES.txt b/resources/v1.26.6/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.6/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.6/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.6/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.6/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.6/charts/base/templates/zzz_profile.yaml b/resources/v1.26.6/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.6/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.6/charts/base/values.yaml b/resources/v1.26.6/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.6/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.6/charts/cni/Chart.yaml b/resources/v1.26.6/charts/cni/Chart.yaml deleted file mode 100644 index 3c84bd2d2..000000000 --- a/resources/v1.26.6/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.6 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.6 diff --git a/resources/v1.26.6/charts/cni/README.md b/resources/v1.26.6/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.6/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.6/charts/cni/files/profile-ambient.yaml b/resources/v1.26.6/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/cni/files/profile-demo.yaml b/resources/v1.26.6/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.6/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.6/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.6/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.6/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.6/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.6/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.6/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.6/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.6/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.6/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.6/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.6/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.6/charts/cni/files/profile-preview.yaml b/resources/v1.26.6/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.6/charts/cni/files/profile-remote.yaml b/resources/v1.26.6/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.6/charts/cni/files/profile-stable.yaml b/resources/v1.26.6/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.6/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.6/charts/cni/templates/NOTES.txt b/resources/v1.26.6/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.6/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.6/charts/cni/templates/_helpers.tpl b/resources/v1.26.6/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.6/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.6/charts/cni/templates/clusterrole.yaml b/resources/v1.26.6/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.6/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.6/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.6/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.6/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.6/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.6/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.6/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.6/charts/cni/templates/daemonset.yaml b/resources/v1.26.6/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.6/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.6/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.6/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.6/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.6/charts/cni/templates/resourcequota.yaml b/resources/v1.26.6/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.6/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.6/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.6/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.6/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.6/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.6/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.6/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.6/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.6/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.6/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.6/charts/cni/values.yaml b/resources/v1.26.6/charts/cni/values.yaml deleted file mode 100644 index 51050067d..000000000 --- a/resources/v1.26.6/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.6 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.6/charts/gateway/Chart.yaml b/resources/v1.26.6/charts/gateway/Chart.yaml deleted file mode 100644 index 9ca41c9c6..000000000 --- a/resources/v1.26.6/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.6 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.6 diff --git a/resources/v1.26.6/charts/gateway/README.md b/resources/v1.26.6/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.6/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.6/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.6/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/gateway/files/profile-demo.yaml b/resources/v1.26.6/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.6/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.6/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.6/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.6/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.6/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.6/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.6/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.6/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.6/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.6/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.6/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.6/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.6/charts/gateway/files/profile-preview.yaml b/resources/v1.26.6/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.6/charts/gateway/files/profile-remote.yaml b/resources/v1.26.6/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.6/charts/gateway/files/profile-stable.yaml b/resources/v1.26.6/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.6/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.6/charts/gateway/templates/NOTES.txt b/resources/v1.26.6/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.6/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.6/charts/gateway/templates/_helpers.tpl b/resources/v1.26.6/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.6/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/gateway/templates/deployment.yaml b/resources/v1.26.6/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.6/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.6/charts/gateway/templates/hpa.yaml b/resources/v1.26.6/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.6/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.6/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.6/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/gateway/templates/role.yaml b/resources/v1.26.6/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.6/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.6/charts/gateway/templates/service.yaml b/resources/v1.26.6/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.6/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.6/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.6/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.6/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.6/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.6/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.6/charts/gateway/values.schema.json b/resources/v1.26.6/charts/gateway/values.schema.json deleted file mode 100644 index d81fcffaa..000000000 --- a/resources/v1.26.6/charts/gateway/values.schema.json +++ /dev/null @@ -1,368 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "additionalProperties": false, - "properties": { - "_internal_defaults_do_not_set": { - "type": "object" - }, - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "envVarFrom": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "valueFrom": { - "type": "object" - } - } - } - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "defaultRevision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "profile": { - "type": "string" - }, - "platform": { - "type": "string" - }, - "pilot": { - "type": "object" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "initContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "additionalContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - } - } - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.6/charts/gateway/values.yaml b/resources/v1.26.6/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.6/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.6/charts/istiod/Chart.yaml b/resources/v1.26.6/charts/istiod/Chart.yaml deleted file mode 100644 index 336c6e2e0..000000000 --- a/resources/v1.26.6/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.6 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.6 diff --git a/resources/v1.26.6/charts/istiod/README.md b/resources/v1.26.6/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.6/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.6/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.6/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index 7d23f15f9..000000000 --- a/resources/v1.26.6/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.6/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.6/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index dda3aeaa9..000000000 --- a/resources/v1.26.6/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.6/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.6/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.6/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.6/charts/istiod/files/injection-template.yaml b/resources/v1.26.6/charts/istiod/files/injection-template.yaml deleted file mode 100644 index bfd922b04..000000000 --- a/resources/v1.26.6/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,531 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} - runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - {{ if or ($tproxy) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 1337 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.6/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.6/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.6/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.6/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.6/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/istiod/files/profile-demo.yaml b/resources/v1.26.6/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.6/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.6/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.6/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.6/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.6/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.6/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.6/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.6/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.6/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.6/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.6/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.6/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.6/charts/istiod/files/profile-preview.yaml b/resources/v1.26.6/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.6/charts/istiod/files/profile-remote.yaml b/resources/v1.26.6/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.6/charts/istiod/files/profile-stable.yaml b/resources/v1.26.6/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.6/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.6/charts/istiod/files/waypoint.yaml b/resources/v1.26.6/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.6/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.6/charts/istiod/templates/NOTES.txt b/resources/v1.26.6/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.6/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.6/charts/istiod/templates/_helpers.tpl b/resources/v1.26.6/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.6/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/autoscale.yaml b/resources/v1.26.6/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.6/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.6/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index d4d79d00f..000000000 --- a/resources/v1.26.6/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete", "list", "watch", "get"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.6/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.6/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.6/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.6/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.6/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.6/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.6/charts/istiod/templates/configmap.yaml b/resources/v1.26.6/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.6/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/deployment.yaml b/resources/v1.26.6/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.6/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.6/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.6/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.6/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.6/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.6/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.6/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.6/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.6/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.6/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.6/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.6/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.6/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.6/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.6/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.6/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.6/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.6/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.6/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.6/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.6/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.6/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/role.yaml b/resources/v1.26.6/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.6/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.6/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.6/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/service.yaml b/resources/v1.26.6/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.6/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.6/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.6/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.6/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.6/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.6/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.6/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.6/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.6/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.6/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.6/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.6/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.6/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.6/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.6/charts/istiod/values.yaml b/resources/v1.26.6/charts/istiod/values.yaml deleted file mode 100644 index dc9187775..000000000 --- a/resources/v1.26.6/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.6 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.6/charts/revisiontags/Chart.yaml b/resources/v1.26.6/charts/revisiontags/Chart.yaml deleted file mode 100644 index 518159271..000000000 --- a/resources/v1.26.6/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.6 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.6/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.6/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.6/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.6/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.6/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.6/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.6/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.6/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.6/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.6/charts/revisiontags/values.yaml b/resources/v1.26.6/charts/revisiontags/values.yaml deleted file mode 100644 index dc9187775..000000000 --- a/resources/v1.26.6/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.6 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.6/charts/ztunnel/Chart.yaml b/resources/v1.26.6/charts/ztunnel/Chart.yaml deleted file mode 100644 index 8fbec7309..000000000 --- a/resources/v1.26.6/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.6 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.6 diff --git a/resources/v1.26.6/charts/ztunnel/README.md b/resources/v1.26.6/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.6/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.6/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.6/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.6/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.6/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.6/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.6/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.6/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.6/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.6/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.6/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.6/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.6/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.6/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.6/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.6/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.6/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.6/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.6/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.6/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.6/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.6/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.6/charts/ztunnel/values.yaml b/resources/v1.26.6/charts/ztunnel/values.yaml deleted file mode 100644 index 24a28fd3a..000000000 --- a/resources/v1.26.6/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.6 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.6/cni-1.26.6.tgz.etag b/resources/v1.26.6/cni-1.26.6.tgz.etag deleted file mode 100644 index cc317a401..000000000 --- a/resources/v1.26.6/cni-1.26.6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -9b655cbb7050bb2547228fb03afa021c diff --git a/resources/v1.26.6/commit b/resources/v1.26.6/commit deleted file mode 100644 index f250c8f60..000000000 --- a/resources/v1.26.6/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.6 diff --git a/resources/v1.26.6/gateway-1.26.6.tgz.etag b/resources/v1.26.6/gateway-1.26.6.tgz.etag deleted file mode 100644 index 91a0915a4..000000000 --- a/resources/v1.26.6/gateway-1.26.6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -af068856ca5a6f5b4c49b4c008f8024d diff --git a/resources/v1.26.6/istiod-1.26.6.tgz.etag b/resources/v1.26.6/istiod-1.26.6.tgz.etag deleted file mode 100644 index 2b30205fc..000000000 --- a/resources/v1.26.6/istiod-1.26.6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -85be991425ebab65f9e821ce49429e61 diff --git a/resources/v1.26.6/profiles/ambient.yaml b/resources/v1.26.6/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.6/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.6/profiles/default.yaml b/resources/v1.26.6/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.6/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.6/profiles/demo.yaml b/resources/v1.26.6/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.6/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.6/profiles/empty.yaml b/resources/v1.26.6/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.6/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.6/profiles/openshift-ambient.yaml b/resources/v1.26.6/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.6/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.6/profiles/openshift.yaml b/resources/v1.26.6/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.6/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.6/profiles/preview.yaml b/resources/v1.26.6/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.6/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.6/profiles/remote.yaml b/resources/v1.26.6/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.6/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.6/profiles/stable.yaml b/resources/v1.26.6/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.6/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.6/ztunnel-1.26.6.tgz.etag b/resources/v1.26.6/ztunnel-1.26.6.tgz.etag deleted file mode 100644 index 0626c69a2..000000000 --- a/resources/v1.26.6/ztunnel-1.26.6.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -938951c3e7e1a6c423d527ae8378abb4 diff --git a/resources/v1.26.7/base-1.26.7.tgz.etag b/resources/v1.26.7/base-1.26.7.tgz.etag deleted file mode 100644 index 88e50dd3b..000000000 --- a/resources/v1.26.7/base-1.26.7.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -a04d23d476eb084e17c9b85e73491aa6 diff --git a/resources/v1.26.7/charts/base/Chart.yaml b/resources/v1.26.7/charts/base/Chart.yaml deleted file mode 100644 index 46ebeab4b..000000000 --- a/resources/v1.26.7/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.7 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.7 diff --git a/resources/v1.26.7/charts/base/README.md b/resources/v1.26.7/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.7/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.7/charts/base/files/profile-ambient.yaml b/resources/v1.26.7/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.7/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.7/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/base/files/profile-demo.yaml b/resources/v1.26.7/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.7/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.7/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.7/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.7/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.7/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.7/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.7/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.7/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.7/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.7/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.7/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.7/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.7/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.7/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.7/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.7/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.7/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.7/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.7/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.7/charts/base/files/profile-preview.yaml b/resources/v1.26.7/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.7/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.7/charts/base/files/profile-remote.yaml b/resources/v1.26.7/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.7/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.7/charts/base/files/profile-stable.yaml b/resources/v1.26.7/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.7/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.7/charts/base/templates/NOTES.txt b/resources/v1.26.7/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.7/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.7/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.7/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.7/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.7/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.7/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.7/charts/base/templates/zzz_profile.yaml b/resources/v1.26.7/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.7/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.7/charts/base/values.yaml b/resources/v1.26.7/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.7/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.7/charts/cni/Chart.yaml b/resources/v1.26.7/charts/cni/Chart.yaml deleted file mode 100644 index 0b2e8b7c0..000000000 --- a/resources/v1.26.7/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.7 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.7 diff --git a/resources/v1.26.7/charts/cni/README.md b/resources/v1.26.7/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.7/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.7/charts/cni/files/profile-ambient.yaml b/resources/v1.26.7/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/cni/files/profile-demo.yaml b/resources/v1.26.7/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.7/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.7/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.7/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.7/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.7/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.7/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.7/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.7/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.7/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.7/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.7/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.7/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.7/charts/cni/files/profile-preview.yaml b/resources/v1.26.7/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.7/charts/cni/files/profile-remote.yaml b/resources/v1.26.7/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.7/charts/cni/files/profile-stable.yaml b/resources/v1.26.7/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.7/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.7/charts/cni/templates/NOTES.txt b/resources/v1.26.7/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.7/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.7/charts/cni/templates/_helpers.tpl b/resources/v1.26.7/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.7/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.7/charts/cni/templates/clusterrole.yaml b/resources/v1.26.7/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.7/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.7/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.7/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.7/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.7/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.7/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.7/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.7/charts/cni/templates/daemonset.yaml b/resources/v1.26.7/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.7/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.7/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.7/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.7/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.7/charts/cni/templates/resourcequota.yaml b/resources/v1.26.7/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.7/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.7/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.7/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.7/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.7/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.7/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.7/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.7/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.7/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.7/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.7/charts/cni/values.yaml b/resources/v1.26.7/charts/cni/values.yaml deleted file mode 100644 index eb6b2f1c1..000000000 --- a/resources/v1.26.7/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.7 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.7/charts/gateway/Chart.yaml b/resources/v1.26.7/charts/gateway/Chart.yaml deleted file mode 100644 index 8c98690ed..000000000 --- a/resources/v1.26.7/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.7 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.7 diff --git a/resources/v1.26.7/charts/gateway/README.md b/resources/v1.26.7/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.7/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.7/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.7/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/gateway/files/profile-demo.yaml b/resources/v1.26.7/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.7/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.7/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.7/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.7/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.7/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.7/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.7/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.7/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.7/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.7/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.7/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.7/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.7/charts/gateway/files/profile-preview.yaml b/resources/v1.26.7/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.7/charts/gateway/files/profile-remote.yaml b/resources/v1.26.7/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.7/charts/gateway/files/profile-stable.yaml b/resources/v1.26.7/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.7/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.7/charts/gateway/templates/NOTES.txt b/resources/v1.26.7/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.7/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.7/charts/gateway/templates/_helpers.tpl b/resources/v1.26.7/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.7/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/gateway/templates/deployment.yaml b/resources/v1.26.7/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.7/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.7/charts/gateway/templates/hpa.yaml b/resources/v1.26.7/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.7/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.7/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.7/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/gateway/templates/role.yaml b/resources/v1.26.7/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.7/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.7/charts/gateway/templates/service.yaml b/resources/v1.26.7/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.7/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.7/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.7/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.7/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.7/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.7/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.7/charts/gateway/values.schema.json b/resources/v1.26.7/charts/gateway/values.schema.json deleted file mode 100644 index d81fcffaa..000000000 --- a/resources/v1.26.7/charts/gateway/values.schema.json +++ /dev/null @@ -1,368 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "additionalProperties": false, - "properties": { - "_internal_defaults_do_not_set": { - "type": "object" - }, - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "envVarFrom": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "valueFrom": { - "type": "object" - } - } - } - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "defaultRevision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "profile": { - "type": "string" - }, - "platform": { - "type": "string" - }, - "pilot": { - "type": "object" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "initContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "additionalContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - } - } - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.7/charts/gateway/values.yaml b/resources/v1.26.7/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.7/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.7/charts/istiod/Chart.yaml b/resources/v1.26.7/charts/istiod/Chart.yaml deleted file mode 100644 index b6f037d19..000000000 --- a/resources/v1.26.7/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.7 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.7 diff --git a/resources/v1.26.7/charts/istiod/README.md b/resources/v1.26.7/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.7/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.7/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.7/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index 7d23f15f9..000000000 --- a/resources/v1.26.7/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.7/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.7/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index dda3aeaa9..000000000 --- a/resources/v1.26.7/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.7/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.7/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.7/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.7/charts/istiod/files/injection-template.yaml b/resources/v1.26.7/charts/istiod/files/injection-template.yaml deleted file mode 100644 index bfd922b04..000000000 --- a/resources/v1.26.7/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,531 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} - runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - {{ if or ($tproxy) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 1337 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.7/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.7/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.7/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.7/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.7/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/istiod/files/profile-demo.yaml b/resources/v1.26.7/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.7/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.7/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.7/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.7/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.7/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.7/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.7/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.7/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.7/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.7/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.7/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.7/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.7/charts/istiod/files/profile-preview.yaml b/resources/v1.26.7/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.7/charts/istiod/files/profile-remote.yaml b/resources/v1.26.7/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.7/charts/istiod/files/profile-stable.yaml b/resources/v1.26.7/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.7/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.7/charts/istiod/files/waypoint.yaml b/resources/v1.26.7/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.7/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.7/charts/istiod/templates/NOTES.txt b/resources/v1.26.7/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.7/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.7/charts/istiod/templates/_helpers.tpl b/resources/v1.26.7/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.7/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/autoscale.yaml b/resources/v1.26.7/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.7/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.7/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index d4d79d00f..000000000 --- a/resources/v1.26.7/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete", "list", "watch", "get"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.7/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.7/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.7/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.7/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.7/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.7/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.7/charts/istiod/templates/configmap.yaml b/resources/v1.26.7/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.7/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/deployment.yaml b/resources/v1.26.7/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.7/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.7/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.7/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.7/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.7/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.7/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.7/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.7/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.7/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.7/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.7/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.7/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.7/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.7/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.7/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.7/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.7/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.7/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.7/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.7/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.7/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.7/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/role.yaml b/resources/v1.26.7/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.7/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.7/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.7/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/service.yaml b/resources/v1.26.7/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.7/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.7/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.7/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.7/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.7/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.7/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.7/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.7/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.7/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.7/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.7/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.7/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.7/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.7/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.7/charts/istiod/values.yaml b/resources/v1.26.7/charts/istiod/values.yaml deleted file mode 100644 index c8ef03315..000000000 --- a/resources/v1.26.7/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.7 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.7/charts/revisiontags/Chart.yaml b/resources/v1.26.7/charts/revisiontags/Chart.yaml deleted file mode 100644 index 76b150070..000000000 --- a/resources/v1.26.7/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.7 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.7/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.7/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.7/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.7/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.7/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.7/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.7/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.7/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.7/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.7/charts/revisiontags/values.yaml b/resources/v1.26.7/charts/revisiontags/values.yaml deleted file mode 100644 index c8ef03315..000000000 --- a/resources/v1.26.7/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.7 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.7/charts/ztunnel/Chart.yaml b/resources/v1.26.7/charts/ztunnel/Chart.yaml deleted file mode 100644 index feaf7a333..000000000 --- a/resources/v1.26.7/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.7 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.7 diff --git a/resources/v1.26.7/charts/ztunnel/README.md b/resources/v1.26.7/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.7/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.7/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.7/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.7/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.7/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.7/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.7/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.7/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.7/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.7/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.7/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.7/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.7/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.7/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.7/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.7/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.7/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.7/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.7/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.7/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.7/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.7/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.7/charts/ztunnel/values.yaml b/resources/v1.26.7/charts/ztunnel/values.yaml deleted file mode 100644 index accc7257d..000000000 --- a/resources/v1.26.7/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.7 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.7/cni-1.26.7.tgz.etag b/resources/v1.26.7/cni-1.26.7.tgz.etag deleted file mode 100644 index a0dcb4403..000000000 --- a/resources/v1.26.7/cni-1.26.7.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5421ebdc49fa9ec094cc3db427a95202 diff --git a/resources/v1.26.7/commit b/resources/v1.26.7/commit deleted file mode 100644 index ad7c780d0..000000000 --- a/resources/v1.26.7/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.7 diff --git a/resources/v1.26.7/gateway-1.26.7.tgz.etag b/resources/v1.26.7/gateway-1.26.7.tgz.etag deleted file mode 100644 index 1f2773f4a..000000000 --- a/resources/v1.26.7/gateway-1.26.7.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -2d85d1d03df96152080acafd78f1e424 diff --git a/resources/v1.26.7/istiod-1.26.7.tgz.etag b/resources/v1.26.7/istiod-1.26.7.tgz.etag deleted file mode 100644 index cde2fcd77..000000000 --- a/resources/v1.26.7/istiod-1.26.7.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -85edc6aec8d3f34ddb131df61f118bcd diff --git a/resources/v1.26.7/profiles/ambient.yaml b/resources/v1.26.7/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.7/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.7/profiles/default.yaml b/resources/v1.26.7/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.7/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.7/profiles/demo.yaml b/resources/v1.26.7/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.7/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.7/profiles/empty.yaml b/resources/v1.26.7/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.7/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.7/profiles/openshift-ambient.yaml b/resources/v1.26.7/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.7/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.7/profiles/openshift.yaml b/resources/v1.26.7/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.7/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.7/profiles/preview.yaml b/resources/v1.26.7/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.7/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.7/profiles/remote.yaml b/resources/v1.26.7/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.7/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.7/profiles/stable.yaml b/resources/v1.26.7/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.7/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.7/ztunnel-1.26.7.tgz.etag b/resources/v1.26.7/ztunnel-1.26.7.tgz.etag deleted file mode 100644 index 26e2c997e..000000000 --- a/resources/v1.26.7/ztunnel-1.26.7.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c46916b74e3704e61ff14f7fd48d5fc1 diff --git a/resources/v1.26.8/base-1.26.8.tgz.etag b/resources/v1.26.8/base-1.26.8.tgz.etag deleted file mode 100644 index f9205e6c2..000000000 --- a/resources/v1.26.8/base-1.26.8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -839761235303733b92f133f7d0388fdf diff --git a/resources/v1.26.8/charts/base/Chart.yaml b/resources/v1.26.8/charts/base/Chart.yaml deleted file mode 100644 index d631eda33..000000000 --- a/resources/v1.26.8/charts/base/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.8 -description: Helm chart for deploying Istio cluster resources and CRDs -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -name: base -sources: -- https://github.com/istio/istio -version: 1.26.8 diff --git a/resources/v1.26.8/charts/base/README.md b/resources/v1.26.8/charts/base/README.md deleted file mode 100644 index ae8f6d5b0..000000000 --- a/resources/v1.26.8/charts/base/README.md +++ /dev/null @@ -1,35 +0,0 @@ -# Istio base Helm Chart - -This chart installs resources shared by all Istio revisions. This includes Istio CRDs. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-base`: - -```console -kubectl create namespace istio-system -helm install istio-base istio/base -n istio-system -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.8/charts/base/files/profile-ambient.yaml b/resources/v1.26.8/charts/base/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.8/charts/base/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.8/charts/base/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/base/files/profile-demo.yaml b/resources/v1.26.8/charts/base/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.8/charts/base/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.8/charts/base/files/profile-platform-gke.yaml b/resources/v1.26.8/charts/base/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.8/charts/base/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.8/charts/base/files/profile-platform-k3d.yaml b/resources/v1.26.8/charts/base/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.8/charts/base/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.8/charts/base/files/profile-platform-k3s.yaml b/resources/v1.26.8/charts/base/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.8/charts/base/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.8/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.26.8/charts/base/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.8/charts/base/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.8/charts/base/files/profile-platform-minikube.yaml b/resources/v1.26.8/charts/base/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.8/charts/base/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.8/charts/base/files/profile-platform-openshift.yaml b/resources/v1.26.8/charts/base/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.8/charts/base/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.8/charts/base/files/profile-preview.yaml b/resources/v1.26.8/charts/base/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.8/charts/base/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.8/charts/base/files/profile-remote.yaml b/resources/v1.26.8/charts/base/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.8/charts/base/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.8/charts/base/files/profile-stable.yaml b/resources/v1.26.8/charts/base/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.8/charts/base/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.8/charts/base/templates/NOTES.txt b/resources/v1.26.8/charts/base/templates/NOTES.txt deleted file mode 100644 index f12616f57..000000000 --- a/resources/v1.26.8/charts/base/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -Istio base successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.8/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.26.8/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml deleted file mode 100644 index 2616b09c9..000000000 --- a/resources/v1.26.8/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-default-policy.istio.io" - labels: - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision }} - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-default-policy-binding.istio.io" -spec: - policyName: "stable-channel-default-policy.istio.io" - validationActions: [Deny] -{{- end }} diff --git a/resources/v1.26.8/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.26.8/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml deleted file mode 100644 index 8cb76fd77..000000000 --- a/resources/v1.26.8/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if not (eq .Values.defaultRevision "") }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-default-validator - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.defaultRevision | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - - name: validation.istio.io - clientConfig: - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - {{- if (eq .Values.defaultRevision "default") }} - name: istiod - {{- else }} - name: istiod-{{ .Values.defaultRevision }} - {{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] -{{- end }} diff --git a/resources/v1.26.8/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.26.8/charts/base/templates/reader-serviceaccount.yaml deleted file mode 100644 index ba829a6bf..000000000 --- a/resources/v1.26.8/charts/base/templates/reader-serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# This singleton service account aggregates reader permissions for the revisions in a given cluster -# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, -# as otherwise compromising the token for this SA would give you access to *every* installed revision. -# Should be used for remote secret creation. -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.8/charts/base/templates/zzz_profile.yaml b/resources/v1.26.8/charts/base/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.8/charts/base/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.8/charts/base/values.yaml b/resources/v1.26.8/charts/base/values.yaml deleted file mode 100644 index d18296f00..000000000 --- a/resources/v1.26.8/charts/base/values.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - global: - - # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - - # Used to locate istiod. - istioNamespace: istio-system - base: - # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. - # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. - # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. - excludedCRDs: [] - # Helm (as of V3) does not support upgrading CRDs, because it is not universally - # safe for them to support this. - # Istio as a project enforces certain backwards-compat guarantees that allow us - # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs - # as standard K8S resources in Helm, and disable Helm's CRD management. See also: - # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts - enableCRDTemplates: true - - # Validation webhook configuration url - # For example: https://$remotePilotAddress:15017/validate - validationURL: "" - # Validation webhook caBundle value. Useful when running pilot with a well known cert - validationCABundle: "" - - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - defaultRevision: "default" - experimental: - stableValidationPolicy: false diff --git a/resources/v1.26.8/charts/cni/Chart.yaml b/resources/v1.26.8/charts/cni/Chart.yaml deleted file mode 100644 index 17c864fcb..000000000 --- a/resources/v1.26.8/charts/cni/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.8 -description: Helm chart for istio-cni components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-cni -- istio -name: cni -sources: -- https://github.com/istio/istio -version: 1.26.8 diff --git a/resources/v1.26.8/charts/cni/README.md b/resources/v1.26.8/charts/cni/README.md deleted file mode 100644 index a8b78d5bd..000000000 --- a/resources/v1.26.8/charts/cni/README.md +++ /dev/null @@ -1,65 +0,0 @@ -# Istio CNI Helm Chart - -This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) -for more information. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-cni`: - -```console -helm install istio-cni istio/cni -n kube-system -``` - -Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) -`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow -'system-node-critical' outside of kube-system. - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istio-cni -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Ambient - -To enable ambient, you can use the ambient profile: `--set profile=ambient`. - -#### Calico - -For Calico, you must also modify the settings to allow source spoofing: - -- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` -- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) - -### GKE notes - -On GKE, 'kube-system' is required. - -If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` -it is auto-detected. diff --git a/resources/v1.26.8/charts/cni/files/profile-ambient.yaml b/resources/v1.26.8/charts/cni/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/cni/files/profile-demo.yaml b/resources/v1.26.8/charts/cni/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.8/charts/cni/files/profile-platform-gke.yaml b/resources/v1.26.8/charts/cni/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.8/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.26.8/charts/cni/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.8/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.26.8/charts/cni/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.8/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.26.8/charts/cni/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.8/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.26.8/charts/cni/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.8/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.26.8/charts/cni/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.8/charts/cni/files/profile-preview.yaml b/resources/v1.26.8/charts/cni/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.8/charts/cni/files/profile-remote.yaml b/resources/v1.26.8/charts/cni/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.8/charts/cni/files/profile-stable.yaml b/resources/v1.26.8/charts/cni/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.8/charts/cni/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.8/charts/cni/templates/NOTES.txt b/resources/v1.26.8/charts/cni/templates/NOTES.txt deleted file mode 100644 index fb35525b9..000000000 --- a/resources/v1.26.8/charts/cni/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -"{{ .Release.Name }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.8/charts/cni/templates/_helpers.tpl b/resources/v1.26.8/charts/cni/templates/_helpers.tpl deleted file mode 100644 index 73cc17b2f..000000000 --- a/resources/v1.26.8/charts/cni/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "name" -}} - istio-cni -{{- end }} - - -{{- define "istio-tag" -}} - {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} -{{- end }} diff --git a/resources/v1.26.8/charts/cni/templates/clusterrole.yaml b/resources/v1.26.8/charts/cni/templates/clusterrole.yaml deleted file mode 100644 index 1779e0bb1..000000000 --- a/resources/v1.26.8/charts/cni/templates/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -- apiGroups: [""] - resources: ["pods","nodes","namespaces"] - verbs: ["get", "list", "watch"] -{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] -{{- end }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-repair-role - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["watch", "get", "list"] -{{- if .Values.repair.repairPods }} -{{- /* No privileges needed*/}} -{{- else if .Values.repair.deletePods }} - - apiGroups: [""] - resources: ["pods"] - verbs: ["delete"] -{{- else if .Values.repair.labelPods }} - - apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -{{- end }} -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "name" . }}-ambient - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -rules: -- apiGroups: [""] - {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} - resources: ["pods/status"] - verbs: ["patch", "update"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - resourceNames: ["{{ template "name" . }}-node"] - verbs: ["get"] -{{- end }} diff --git a/resources/v1.26.8/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.26.8/charts/cni/templates/clusterrolebinding.yaml deleted file mode 100644 index 42fedab1f..000000000 --- a/resources/v1.26.8/charts/cni/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if .Values.repair.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-repair-rolebinding - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-repair-role -{{- end }} ---- -{{- if .Values.ambient.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "name" . }}-ambient - labels: - k8s-app: {{ template "name" . }}-repair - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "name" . }} - namespace: {{ .Release.Namespace}} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "name" . }}-ambient -{{- end }} diff --git a/resources/v1.26.8/charts/cni/templates/configmap-cni.yaml b/resources/v1.26.8/charts/cni/templates/configmap-cni.yaml deleted file mode 100644 index 3deb2cb5a..000000000 --- a/resources/v1.26.8/charts/cni/templates/configmap-cni.yaml +++ /dev/null @@ -1,35 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: {{ template "name" . }}-config - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -data: - CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} - AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} - AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} - AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} - AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} - {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values - CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. - {{- end }} - CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} - EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" - REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} - REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} - REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} - REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} - REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} - REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} - REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} - {{- with .Values.env }} - {{- range $key, $val := . }} - {{ $key }}: "{{ $val }}" - {{- end }} - {{- end }} diff --git a/resources/v1.26.8/charts/cni/templates/daemonset.yaml b/resources/v1.26.8/charts/cni/templates/daemonset.yaml deleted file mode 100644 index cdccd3654..000000000 --- a/resources/v1.26.8/charts/cni/templates/daemonset.yaml +++ /dev/null @@ -1,245 +0,0 @@ -# This manifest installs the Istio install-cni container, as well -# as the Istio CNI plugin and config on -# each master and worker node in a Kubernetes cluster. -# -# $detectedBinDir exists to support a GKE-specific platform override, -# and is deprecated in favor of using the explicit `gke` platform profile. -{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary - "/home/kubernetes/bin" - "/opt/cni/bin" -}} -{{- if .Values.cniBinDir }} -{{ $detectedBinDir = .Values.cniBinDir }} -{{- end }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - # Note that this is templated but evaluates to a fixed name - # which the CNI plugin may fall back onto in some failsafe scenarios. - # if this name is changed, CNI plugin logic that checks for this name - # format should also be updated. - name: {{ template "name" . }}-node - namespace: {{ .Release.Namespace }} - labels: - k8s-app: {{ template "name" . }}-node - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - k8s-app: {{ template "name" . }}-node - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - k8s-app: {{ template "name" . }}-node - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 8 }} - annotations: - sidecar.istio.io/inject: "false" - # Add Prometheus Scrape annotations - prometheus.io/scrape: 'true' - prometheus.io/port: "15014" - prometheus.io/path: '/metrics' - # Add AppArmor annotation - # This is required to avoid conflicts with AppArmor profiles which block certain - # privileged pod capabilities. - # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the - # securityContext which is otherwise preferred. - container.apparmor.security.beta.kubernetes.io/install-cni: unconfined - # Custom annotations - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: - kubernetes.io/os: linux - # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - tolerations: - # Make sure istio-cni-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: {{ template "name" . }} - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 5 - containers: - # This container installs the Istio CNI binaries - # and CNI network config file on each node. - - name: install-cni -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" -{{- end }} -{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} -{{- end }} - ports: - - containerPort: 15014 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8000 - securityContext: - privileged: false - runAsGroup: 0 - runAsUser: 0 - runAsNonRoot: false - # Both ambient and sidecar repair mode require elevated node privileges to function. - # But we don't need _everything_ in `privileged`, so explicitly set it to false and - # add capabilities based on feature. - capabilities: - drop: - - ALL - add: - # CAP_NET_ADMIN is required to allow ipset and route table access - - NET_ADMIN - # CAP_NET_RAW is required to allow iptables mutation of the `nat` table - - NET_RAW - # CAP_SYS_PTRACE is required for repair and ambient mode to describe - # the pod's network namespace. - - SYS_PTRACE - # CAP_SYS_ADMIN is required for both ambient and repair, in order to open - # network namespaces in `/proc` to obtain descriptors for entering pod network - # namespaces. There does not appear to be a more granular capability for this. - - SYS_ADMIN - # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose - # the typical ability to read/write to folders owned by others. - # This can cause problems if the hostPath mounts we use, which we require write access into, - # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. - - DAC_OVERRIDE -{{- if .Values.seLinuxOptions }} -{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} - seLinuxOptions: -{{ toYaml . | trim | indent 14 }} -{{- end }} -{{- end }} -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - command: ["install-cni"] - args: - {{- if or .Values.logging.level .Values.global.logging.level }} - - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} - {{- end}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end}} - envFrom: - - configMapRef: - name: {{ template "name" . }}-config - env: - - name: REPAIR_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: REPAIR_RUN_AS_DAEMON - value: "true" - - name: REPAIR_SIDECAR_ANNOTATION - value: "sidecar.istio.io/status" - {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} - - name: ALLOW_SWITCH_TO_HOST_NS - value: "true" - {{- end }} - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - mountPath: /host/proc - name: cni-host-procfs - readOnly: true - {{- end }} - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - - mountPath: /var/run/istio-cni - name: cni-socket-dir - {{- if .Values.ambient.enabled }} - - mountPath: /host/var/run/netns - mountPropagation: HostToContainer - name: cni-netns-dir - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - {{ end }} - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - volumes: - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: {{ $detectedBinDir }} - {{- if or .Values.repair.repairPods .Values.ambient.enabled }} - - name: cni-host-procfs - hostPath: - path: /proc - type: Directory - {{- end }} - {{- if .Values.ambient.enabled }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate - {{- end }} - - name: cni-net-dir - hostPath: - path: {{ .Values.cniConfDir }} - # Used for UDS sockets for logging, ambient eventing - - name: cni-socket-dir - hostPath: - path: /var/run/istio-cni - - name: cni-netns-dir - hostPath: - path: {{ .Values.cniNetnsDir }} - type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, - # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. - # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.26.8/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.26.8/charts/cni/templates/network-attachment-definition.yaml deleted file mode 100644 index 86a2eb7c0..000000000 --- a/resources/v1.26.8/charts/cni/templates/network-attachment-definition.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.provider "multus" }} -apiVersion: k8s.cni.cncf.io/v1 -kind: NetworkAttachmentDefinition -metadata: - name: {{ template "name" . }} - namespace: default - labels: - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.8/charts/cni/templates/resourcequota.yaml b/resources/v1.26.8/charts/cni/templates/resourcequota.yaml deleted file mode 100644 index 9a6d61ff9..000000000 --- a/resources/v1.26.8/charts/cni/templates/resourcequota.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ template "name" . }}-resource-quota - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.8/charts/cni/templates/serviceaccount.yaml b/resources/v1.26.8/charts/cni/templates/serviceaccount.yaml deleted file mode 100644 index 3193d7b74..000000000 --- a/resources/v1.26.8/charts/cni/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -metadata: - name: {{ template "name" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" }} - operator.istio.io/component: "Cni" - app.kubernetes.io/name: {{ template "name" . }} - {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.26.8/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.26.8/charts/cni/templates/zzy_descope_legacy.yaml deleted file mode 100644 index a9584ac29..000000000 --- a/resources/v1.26.8/charts/cni/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.26.8/charts/cni/templates/zzz_profile.yaml b/resources/v1.26.8/charts/cni/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.8/charts/cni/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.8/charts/cni/values.yaml b/resources/v1.26.8/charts/cni/values.yaml deleted file mode 100644 index 649583bf9..000000000 --- a/resources/v1.26.8/charts/cni/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - hub: "" - tag: "" - variant: "" - image: install-cni - pullPolicy: "" - - # Same as `global.logging.level`, but will override it if set - logging: - level: "" - - # Configuration file to insert istio-cni plugin configuration - # by default this will be the first file found in the cni-conf-dir - # Example - # cniConfFileName: 10-calico.conflist - - # CNI-and-platform specific path defaults. - # These may need to be set to platform-specific values, consult - # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` - cniBinDir: /opt/cni/bin - cniConfDir: /etc/cni/net.d - cniConfFileName: "" - cniNetnsDir: "/var/run/netns" - - excludeNamespaces: - - kube-system - - # Allows user to set custom affinity for the DaemonSet - affinity: {} - - # Custom annotations on pod level, if you need them - podAnnotations: {} - - # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? - # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case - chained: true - - # Custom configuration happens based on the CNI provider. - # Possible values: "default", "multus" - provider: "default" - - # Configure ambient settings - ambient: - # If enabled, ambient redirection will be enabled - enabled: false - # Set ambient config dir path: defaults to /etc/ambient-config - configDir: "" - # If enabled, and ambient is enabled, DNS redirection will be enabled - dnsCapture: true - # If enabled, and ambient is enabled, enables ipv6 support - ipv6: true - # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. - # This will eventually be enabled by default - reconcileIptablesOnStartup: false - # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on - shareHostNetworkNamespace: false - - - repair: - enabled: true - hub: "" - tag: "" - - # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. - # This defines the action the controller will take when a pod is detected as broken. - - # labelPods will label all pods with =. - # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). - # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. - labelPods: false - # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. - # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. - deletePods: false - # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. - # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. - # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. - repairPods: true - - initContainerName: "istio-validation" - - brokenPodLabelKey: "cni.istio.io/uninitialized" - brokenPodLabelValue: "true" - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. - seLinuxOptions: {} - - resources: - requests: - cpu: 100m - memory: 100Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # For Helm compatibility. - ownerName: "" - - global: - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - - # Default tag for Istio images. - tag: 1.26.8 - - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # change cni scope level to control logging out of istio-cni-node DaemonSet - logging: - level: info - - logAsJson: false - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Default resources allocated - defaultResources: - requests: - cpu: 100m - memory: 100Mi - - # A `key: value` mapping of environment variables to add to the pod - env: {} diff --git a/resources/v1.26.8/charts/gateway/Chart.yaml b/resources/v1.26.8/charts/gateway/Chart.yaml deleted file mode 100644 index 17896d25b..000000000 --- a/resources/v1.26.8/charts/gateway/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.8 -description: Helm chart for deploying Istio gateways -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- gateways -name: gateway -sources: -- https://github.com/istio/istio -type: application -version: 1.26.8 diff --git a/resources/v1.26.8/charts/gateway/README.md b/resources/v1.26.8/charts/gateway/README.md deleted file mode 100644 index 5c064d165..000000000 --- a/resources/v1.26.8/charts/gateway/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Istio Gateway Helm Chart - -This chart installs an Istio gateway deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `istio-ingressgateway`: - -```console -helm install istio-ingressgateway istio/gateway -``` - -## Uninstalling the Chart - -To uninstall/delete the `istio-ingressgateway` deployment: - -```console -helm delete istio-ingressgateway -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/gateway -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### OpenShift - -When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: - -```console -helm install istio-ingressgateway istio/gateway --set profile=openshift -``` - -### `image: auto` Information - -The image used by the chart, `auto`, may be unintuitive. -This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). -This allows the same configurations and lifecycle to apply to gateways as sidecars. - -Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. -See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. - -### Examples - -#### Egress Gateway - -Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): - -```yaml -service: - # Egress gateways do not need an external LoadBalancer IP - type: ClusterIP -``` - -#### Multi-network/VM Gateway - -Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: - -```yaml -networkGateway: network-1 -``` - -### Migrating from other installation methods - -Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts -following the guidance below. -If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. - -WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. - -#### Legacy Gateway Helm charts - -Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. -These are replaced by this chart. -While not required, it is recommended all new users use this chart, and existing users migrate when possible. - -This chart has the following benefits and differences: -* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). -* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. -* Published to official Istio Helm repository. -* Single chart for all gateways (Ingress, Egress, East West). - -#### General concerns - -For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. - -If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: - -```yaml -app: istio-gateway -istio: gateway # the release name with leading istio- prefix stripped -``` - -If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels -`foo=bar,istio=ingressgateway`: - -```yaml -name: my-custom-gateway # Override the name to match existing resources -labels: - app: "" # Unset default app selector label - istio: ingressgateway # override default istio selector label - foo: bar # Add the existing custom selector label -``` - -#### Migrating an existing Helm release - -An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous -installation was done like: - -```console -helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system -``` - -It could be upgraded with - -```console -helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway -``` - -Note the name and labels are overridden to match the names of the existing installation. - -Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. -If you have AuthorizationPolicies that reference port these ports, you should update them during this process, -or customize the ports to match the old defaults. -See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. - -#### Other migrations - -If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. - -The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: - -```console -KINDS=(service deployment) -RELEASE=istio-ingressgateway -NAMESPACE=istio-system -for KIND in "${KINDS[@]}"; do - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE - kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE - kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm -done -``` - -You may ignore errors about resources not being found. diff --git a/resources/v1.26.8/charts/gateway/files/profile-ambient.yaml b/resources/v1.26.8/charts/gateway/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/gateway/files/profile-demo.yaml b/resources/v1.26.8/charts/gateway/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.8/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.26.8/charts/gateway/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.8/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.26.8/charts/gateway/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.8/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.26.8/charts/gateway/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.8/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.26.8/charts/gateway/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.8/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.26.8/charts/gateway/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.8/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.26.8/charts/gateway/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.8/charts/gateway/files/profile-preview.yaml b/resources/v1.26.8/charts/gateway/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.8/charts/gateway/files/profile-remote.yaml b/resources/v1.26.8/charts/gateway/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.8/charts/gateway/files/profile-stable.yaml b/resources/v1.26.8/charts/gateway/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.8/charts/gateway/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.8/charts/gateway/templates/NOTES.txt b/resources/v1.26.8/charts/gateway/templates/NOTES.txt deleted file mode 100644 index fd0142911..000000000 --- a/resources/v1.26.8/charts/gateway/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -"{{ include "gateway.name" . }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: - * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ - * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.26.8/charts/gateway/templates/_helpers.tpl b/resources/v1.26.8/charts/gateway/templates/_helpers.tpl deleted file mode 100644 index e5a0a9b3c..000000000 --- a/resources/v1.26.8/charts/gateway/templates/_helpers.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{{- define "gateway.name" -}} -{{- if eq .Release.Name "RELEASE-NAME" -}} - {{- .Values.name | default "istio-ingressgateway" -}} -{{- else -}} - {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} -{{- end -}} -{{- end }} - -{{- define "gateway.labels" -}} -{{ include "gateway.selectorLabels" . }} -{{- range $key, $val := .Values.labels }} -{{- if and (ne $key "app") (ne $key "istio") }} -{{ $key | quote }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "gateway.selectorLabels" -}} -app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} -istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} -{{- end }} - -{{/* -Keep sidecar injection labels together -https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy -*/}} -{{- define "gateway.sidecarInjectionLabels" -}} -sidecar.istio.io/inject: "true" -{{- with .Values.revision }} -istio.io/rev: {{ . | quote }} -{{- end }} -{{- end }} - -{{- define "gateway.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} -{{- else }} -{{- .Values.serviceAccount.name | default "default" }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/gateway/templates/deployment.yaml b/resources/v1.26.8/charts/gateway/templates/deployment.yaml deleted file mode 100644 index d83ff3b49..000000000 --- a/resources/v1.26.8/charts/gateway/templates/deployment.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apps/v1 -kind: {{ .Values.kind | default "Deployment" }} -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} - replicas: {{ .Values.replicaCount }} - {{- end }} - {{- end }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.minReadySeconds }} - minReadySeconds: {{ . }} - {{- end }} - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} - {{- include "gateway.selectorLabels" . | nindent 8 }} - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 8}} - {{- range $key, $val := .Values.labels }} - {{- if and (ne $key "app") (ne $key "istio") }} - {{ $key | quote }}: {{ $val | quote }} - {{- end }} - {{- end }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gateway.serviceAccountName" . }} - securityContext: - {{- if .Values.securityContext }} - {{- toYaml .Values.securityContext | nindent 8 }} - {{- else }} - # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - {{- with .Values.volumes }} - volumes: - {{ toYaml . | nindent 8 }} - {{- end }} - containers: - - name: istio-proxy - # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection - image: auto - {{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} - {{- end }} - securityContext: - {{- if .Values.containerSecurityContext }} - {{- toYaml .Values.containerSecurityContext | nindent 12 }} - {{- else }} - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - {{- if not (eq (.Values.platform | default "") "openshift") }} - runAsUser: 1337 - runAsGroup: 1337 - {{- end }} - runAsNonRoot: true - {{- end }} - env: - {{- with .Values.networkGateway }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: "{{.}}" - {{- end }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.volumeMounts }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} diff --git a/resources/v1.26.8/charts/gateway/templates/hpa.yaml b/resources/v1.26.8/charts/gateway/templates/hpa.yaml deleted file mode 100644 index 64ecb6a4c..000000000 --- a/resources/v1.26.8/charts/gateway/templates/hpa.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: {{ .Values.kind | default "Deployment" }} - name: {{ include "gateway.name" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - target: - averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - type: Utilization - {{- end }} - {{- if .Values.autoscaling.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.26.8/charts/gateway/templates/poddisruptionbudget.yaml deleted file mode 100644 index b0155cdf0..000000000 --- a/resources/v1.26.8/charts/gateway/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} -spec: - selector: - matchLabels: - {{- include "gateway.selectorLabels" . | nindent 6 }} - {{- with .Values.podDisruptionBudget }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/gateway/templates/role.yaml b/resources/v1.26.8/charts/gateway/templates/role.yaml deleted file mode 100644 index 3d1607963..000000000 --- a/resources/v1.26.8/charts/gateway/templates/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} -{{- if .Values.rbac.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4}} - annotations: - {{- .Values.annotations | toYaml | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "gateway.serviceAccountName" . }} -subjects: -- kind: ServiceAccount - name: {{ include "gateway.serviceAccountName" . }} -{{- end }} diff --git a/resources/v1.26.8/charts/gateway/templates/service.yaml b/resources/v1.26.8/charts/gateway/templates/service.yaml deleted file mode 100644 index 3e28418f7..000000000 --- a/resources/v1.26.8/charts/gateway/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if not (eq .Values.service.type "None") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "gateway.name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.networkGateway }} - topology.istio.io/network: "{{.}}" - {{- end }} - annotations: - {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} -spec: -{{- with .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ . }}" -{{- end }} -{{- if eq .Values.service.type "LoadBalancer" }} - {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} - allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} - {{- end }} - {{- if hasKey .Values.service "loadBalancerClass" }} - loadBalancerClass: {{ .Values.service.loadBalancerClass }} - {{- end }} -{{- end }} -{{- if .Values.service.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} -{{- end }} -{{- if .Values.service.ipFamilies }} - ipFamilies: -{{- range .Values.service.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} -{{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml . | indent 4 }} -{{- end }} -{{- with .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: "{{ . }}" -{{- end }} - type: {{ .Values.service.type }} - ports: -{{- if .Values.networkGateway }} - - name: status-port - port: 15021 - targetPort: 15021 - - name: tls - port: 15443 - targetPort: 15443 - - name: tls-istiod - port: 15012 - targetPort: 15012 - - name: tls-webhook - port: 15017 - targetPort: 15017 -{{- else }} -{{ .Values.service.ports | toYaml | indent 4 }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: {{- range .Values.service.externalIPs }} - - {{.}} - {{- end }} -{{- end }} - selector: - {{- include "gateway.selectorLabels" . | nindent 4 }} -{{- end }} diff --git a/resources/v1.26.8/charts/gateway/templates/serviceaccount.yaml b/resources/v1.26.8/charts/gateway/templates/serviceaccount.yaml deleted file mode 100644 index c88afeadd..000000000 --- a/resources/v1.26.8/charts/gateway/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "gateway.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ include "gateway.name" . }} - {{- include "istio.labels" . | nindent 4}} - {{- include "gateway.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/gateway/templates/zzz_profile.yaml b/resources/v1.26.8/charts/gateway/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.8/charts/gateway/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.8/charts/gateway/values.schema.json b/resources/v1.26.8/charts/gateway/values.schema.json deleted file mode 100644 index d81fcffaa..000000000 --- a/resources/v1.26.8/charts/gateway/values.schema.json +++ /dev/null @@ -1,368 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "$defs": { - "values": { - "type": "object", - "additionalProperties": false, - "properties": { - "_internal_defaults_do_not_set": { - "type": "object" - }, - "global": { - "type": "object" - }, - "affinity": { - "type": "object" - }, - "securityContext": { - "type": [ - "object", - "null" - ] - }, - "containerSecurityContext": { - "type": [ - "object", - "null" - ] - }, - "kind": { - "type": "string", - "enum": [ - "Deployment", - "DaemonSet" - ] - }, - "annotations": { - "additionalProperties": { - "type": [ - "string", - "integer" - ] - }, - "type": "object" - }, - "autoscaling": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - }, - "maxReplicas": { - "type": "integer" - }, - "minReplicas": { - "type": "integer" - }, - "targetCPUUtilizationPercentage": { - "type": "integer" - } - } - }, - "env": { - "type": "object" - }, - "envVarFrom": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "valueFrom": { - "type": "object" - } - } - } - }, - "strategy": { - "type": "object" - }, - "minReadySeconds": { - "type": [ - "null", - "integer" - ] - }, - "readinessProbe": { - "type": [ - "null", - "object" - ] - }, - "labels": { - "type": "object" - }, - "name": { - "type": "string" - }, - "nodeSelector": { - "type": "object" - }, - "podAnnotations": { - "type": "object", - "properties": { - "inject.istio.io/templates": { - "type": "string" - }, - "prometheus.io/path": { - "type": "string" - }, - "prometheus.io/port": { - "type": "string" - }, - "prometheus.io/scrape": { - "type": "string" - } - } - }, - "replicaCount": { - "type": [ - "integer", - "null" - ] - }, - "resources": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": [ - "string", - "null" - ] - }, - "memory": { - "type": [ - "string", - "null" - ] - } - } - } - } - }, - "revision": { - "type": "string" - }, - "defaultRevision": { - "type": "string" - }, - "compatibilityVersion": { - "type": "string" - }, - "profile": { - "type": "string" - }, - "platform": { - "type": "string" - }, - "pilot": { - "type": "object" - }, - "runAsRoot": { - "type": "boolean" - }, - "unprivilegedPort": { - "type": [ - "string", - "boolean" - ], - "enum": [ - true, - false, - "auto" - ] - }, - "service": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "externalTrafficPolicy": { - "type": "string" - }, - "loadBalancerIP": { - "type": "string" - }, - "loadBalancerSourceRanges": { - "type": "array" - }, - "ipFamilies": { - "items": { - "type": "string", - "enum": [ - "IPv4", - "IPv6" - ] - } - }, - "ipFamilyPolicy": { - "type": "string", - "enum": [ - "", - "SingleStack", - "PreferDualStack", - "RequireDualStack" - ] - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "protocol": { - "type": "string" - }, - "targetPort": { - "type": "integer" - } - } - } - }, - "type": { - "type": "string" - } - } - }, - "serviceAccount": { - "type": "object", - "properties": { - "annotations": { - "type": "object" - }, - "name": { - "type": "string" - }, - "create": { - "type": "boolean" - } - } - }, - "rbac": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "tolerations": { - "type": "array" - }, - "topologySpreadConstraints": { - "type": "array" - }, - "networkGateway": { - "type": "string" - }, - "imagePullPolicy": { - "type": "string", - "enum": [ - "", - "Always", - "IfNotPresent", - "Never" - ] - }, - "imagePullSecrets": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - } - } - } - }, - "podDisruptionBudget": { - "type": "object", - "properties": { - "minAvailable": { - "type": [ - "integer", - "string" - ] - }, - "maxUnavailable": { - "type": [ - "integer", - "string" - ] - }, - "unhealthyPodEvictionPolicy": { - "type": "string", - "enum": [ - "", - "IfHealthyBudget", - "AlwaysAllow" - ] - } - } - }, - "terminationGracePeriodSeconds": { - "type": "number" - }, - "volumes": { - "type": "array", - "items": { - "type": "object" - } - }, - "volumeMounts": { - "type": "array", - "items": { - "type": "object" - } - }, - "initContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "additionalContainers": { - "type": "array", - "items": { - "type": "object" - } - }, - "priorityClassName": { - "type": "string" - } - } - } - }, - "defaults": { - "$ref": "#/$defs/values" - }, - "$ref": "#/$defs/values" -} diff --git a/resources/v1.26.8/charts/gateway/values.yaml b/resources/v1.26.8/charts/gateway/values.yaml deleted file mode 100644 index 4e65676ba..000000000 --- a/resources/v1.26.8/charts/gateway/values.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Name allows overriding the release name. Generally this should not be set - name: "" - # revision declares which revision this gateway is a part of - revision: "" - - # Controls the spec.replicas setting for the Gateway deployment if set. - # Otherwise defaults to Kubernetes Deployment default (1). - replicaCount: - - kind: Deployment - - rbac: - # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed - # when using http://gateway-api.org/. - enabled: true - - serviceAccount: - # If set, a service account will be created. Otherwise, the default is used - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set, the release name is used - name: "" - - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - inject.istio.io/templates: "gateway" - sidecar.istio.io/inject: "true" - - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - containerSecurityContext: {} - - service: - # Type of service. Set to "None" to disable the service entirely - type: LoadBalancer - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 - annotations: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - externalTrafficPolicy: "" - externalIPs: [] - ipFamilyPolicy: "" - ipFamilies: [] - ## Whether to automatically allocate NodePorts (only for LoadBalancers). - # allocateLoadBalancerNodePorts: false - ## Set LoadBalancer class (only for LoadBalancers). - # loadBalancerClass: "" - - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - autoscaling: - enabled: true - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: {} - autoscaleBehavior: {} - - # Pod environment variables - env: {} - - # Deployment Update strategy - strategy: {} - - # Sets the Deployment minReadySeconds value - minReadySeconds: - - # Optionally configure a custom readinessProbe. By default the control plane - # automatically injects the readinessProbe. If you wish to override that - # behavior, you may define your own readinessProbe here. - readinessProbe: {} - - # Labels to apply to all resources - labels: - # By default, don't enroll gateways into the ambient dataplane - "istio.io/dataplane-mode": none - - # Annotations to apply to all resources - annotations: {} - - nodeSelector: {} - - tolerations: [] - - topologySpreadConstraints: [] - - affinity: {} - - # If specified, the gateway will act as a network gateway for the given network. - networkGateway: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent - imagePullPolicy: "" - - imagePullSecrets: [] - - # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. - # - # By default, the `podDisruptionBudget` is disabled (set to `{}`), - # which means that no PodDisruptionBudget resource will be created. - # - # To enable the PodDisruptionBudget, configure it by specifying the - # `minAvailable` or `maxUnavailable`. For example, to set the - # minimum number of available replicas to 1, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # - # Or, to allow a maximum of 1 unavailable replica, you can set: - # - # podDisruptionBudget: - # maxUnavailable: 1 - # - # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. - # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: - # - # podDisruptionBudget: - # minAvailable: 1 - # unhealthyPodEvictionPolicy: AlwaysAllow - # - # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: - # - # podDisruptionBudget: {} - # - podDisruptionBudget: {} - - # Sets the per-pod terminationGracePeriodSeconds setting. - terminationGracePeriodSeconds: 30 - - # A list of `Volumes` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumes: [] - - # A list of `VolumeMounts` added into the Gateway Pods. See - # https://kubernetes.io/docs/concepts/storage/volumes/. - volumeMounts: [] - - # Configure this to a higher priority class in order to make sure your Istio gateway pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" diff --git a/resources/v1.26.8/charts/istiod/Chart.yaml b/resources/v1.26.8/charts/istiod/Chart.yaml deleted file mode 100644 index a506b0eac..000000000 --- a/resources/v1.26.8/charts/istiod/Chart.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.8 -description: Helm chart for istio control plane -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio -- istiod -- istio-discovery -name: istiod -sources: -- https://github.com/istio/istio -version: 1.26.8 diff --git a/resources/v1.26.8/charts/istiod/README.md b/resources/v1.26.8/charts/istiod/README.md deleted file mode 100644 index ddbfbc8fe..000000000 --- a/resources/v1.26.8/charts/istiod/README.md +++ /dev/null @@ -1,73 +0,0 @@ -# Istiod Helm Chart - -This chart installs an Istiod deployment. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). - -To install the chart with the release name `istiod`: - -```console -kubectl create namespace istio-system -helm install istiod istio/istiod --namespace istio-system -``` - -## Uninstalling the Chart - -To uninstall/delete the `istiod` deployment: - -```console -helm delete istiod --namespace istio-system -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/istiod -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. - -### Examples - -#### Configuring mesh configuration settings - -Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: - -```yaml -meshConfig: - accessLogFile: /dev/stdout -``` - -#### Revisions - -Control plane revisions allow deploying multiple versions of the control plane in the same cluster. -This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) - -```yaml -revision: my-revision-name -``` diff --git a/resources/v1.26.8/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.26.8/charts/istiod/files/gateway-injection-template.yaml deleted file mode 100644 index 7d23f15f9..000000000 --- a/resources/v1.26.8/charts/istiod/files/gateway-injection-template.yaml +++ /dev/null @@ -1,261 +0,0 @@ -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: - istio.io/rev: {{ .Revision | default "default" | quote }} - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" - {{- end }} - {{- end }} -spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 4 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - securityContext: - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.8/charts/istiod/files/grpc-agent.yaml b/resources/v1.26.8/charts/istiod/files/grpc-agent.yaml deleted file mode 100644 index dda3aeaa9..000000000 --- a/resources/v1.26.8/charts/istiod/files/grpc-agent.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} - sidecar.istio.io/rewriteAppHTTPProbers: "false", - } -spec: - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - ports: - - containerPort: 15020 - protocol: TCP - name: mesh-metrics - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - - --url=http://localhost:15020/healthz/ready - env: - - name: ISTIO_META_GENERATOR - value: grpc - - name: OUTPUT_CERTS - value: /var/lib/istio/data - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - # grpc uses xds:/// to resolve – no need to resolve VIP - - name: ISTIO_META_DNS_CAPTURE - value: "false" - - name: DISABLE_ENVOY - value: "true" - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15020 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} -{{- range $index, $container := .Spec.Containers }} -{{ if not (eq $container.Name "istio-proxy") }} - - name: {{ $container.Name }} - env: - - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" - value: "true" - - name: "GRPC_XDS_BOOTSTRAP" - value: "/etc/istio/proxy/grpc-bootstrap.json" - volumeMounts: - - mountPath: /var/lib/istio/data - name: istio-data - # UDS channel between istioagent and gRPC client for XDS/SDS - - mountPath: /etc/istio/proxy - name: istio-xds - {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} -{{- end }} -{{- end }} - volumes: - - emptyDir: - name: workload-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-xds - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.8/charts/istiod/files/grpc-simple.yaml b/resources/v1.26.8/charts/istiod/files/grpc-simple.yaml deleted file mode 100644 index 9ba0c7a46..000000000 --- a/resources/v1.26.8/charts/istiod/files/grpc-simple.yaml +++ /dev/null @@ -1,65 +0,0 @@ -metadata: - annotations: - sidecar.istio.io/rewriteAppHTTPProbers: "false" -spec: - initContainers: - - name: grpc-bootstrap-init - image: busybox:1.28 - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - env: - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ISTIO_NAMESPACE - value: | - {{ .Values.global.istioNamespace }} - command: - - sh - - "-c" - - |- - NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" - SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" - echo ' - { - "xds_servers": [ - { - "server_uri": "'${SERVER_URI}'", - "channel_creds": [{"type": "insecure"}], - "server_features" : ["xds_v3"] - } - ], - "node": { - "id": "'${NODE_ID}'", - "metadata": { - "GENERATOR": "grpc" - } - } - }' > /var/lib/grpc/data/bootstrap.json - containers: - {{- range $index, $container := .Spec.Containers }} - - name: {{ $container.Name }} - env: - - name: GRPC_XDS_BOOTSTRAP - value: /var/lib/grpc/data/bootstrap.json - - name: GRPC_GO_LOG_VERBOSITY_LEVEL - value: "99" - - name: GRPC_GO_LOG_SEVERITY_LEVEL - value: info - volumeMounts: - - mountPath: /var/lib/grpc/data/ - name: grpc-io-proxyless-bootstrap - {{- end }} - volumes: - - name: grpc-io-proxyless-bootstrap - emptyDir: {} diff --git a/resources/v1.26.8/charts/istiod/files/injection-template.yaml b/resources/v1.26.8/charts/istiod/files/injection-template.yaml deleted file mode 100644 index bfd922b04..000000000 --- a/resources/v1.26.8/charts/istiod/files/injection-template.yaml +++ /dev/null @@ -1,531 +0,0 @@ -{{- define "resources" }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} -{{- end }} -{{ $nativeSidecar := (or (and (not (isset .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`)) (eq (env "ENABLE_NATIVE_SIDECARS" "false") "true")) (eq (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar`) "true")) }} -{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} -{{- $containers := list }} -{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} -metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} - networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} - {{- end }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - annotations: { - istio.io/rev: {{ .Revision | default "default" | quote }}, - {{- if ge (len $containers) 1 }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{- end }} - {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} - kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{- end }} - {{- end }} -{{- if .Values.pilot.cni.enabled }} - {{- if eq .Values.pilot.cni.provider "multus" }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} -{{- end }} - } -spec: - {{- $holdProxy := and - (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) - (not $nativeSidecar) }} - {{- $noInitContainer := and - (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) - (not $nativeSidecar) }} - {{ if $noInitContainer }} - initContainers: [] - {{ else -}} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.pilot.cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - args: - - istio-iptables - - "-p" - - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - - "-z" - - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} - - "-u" - - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" - {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} - - "-c" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" - {{ end -}} - - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" - {{ if .Values.global.logAsJson -}} - - "--log_as_json" - {{ end -}} - {{ if .Values.pilot.cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ else if .Values.global.proxy_init.forceApplyIptables -}} - - "--force-apply" - {{ end -}} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.pilot.cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.pilot.cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} - runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} - runAsNonRoot: true - {{- end }} - {{ end -}} - {{ end -}} - {{ if not $nativeSidecar }} - containers: - {{ end }} - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{ if $nativeSidecar }}restartPolicy: Always{{end}} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- else if $nativeSidecar }} - {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} - lifecycle: - preStop: - exec: - command: - - pilot-agent - - request - - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} - - POST - - drain - {{- end }} - env: - {{- if eq .InboundTrafficPolicyMode "localhost" }} - - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION - value: "true" - {{- end }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - {{- if .CompliancePolicy }} - - name: COMPLIANCE_POLICY - value: "{{ .CompliancePolicy }}" - {{- end }} - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ . }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - {{ if .Values.global.proxy.startupProbe.enabled }} - startupProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: 0 - periodSeconds: 1 - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} - {{ end }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: true - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: false - runAsUser: 0 - {{- else }} - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: true - {{ if or ($tproxy) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 1337 - {{- else -}} - runAsNonRoot: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - {{- end }} - {{- end }} - resources: - {{ template "resources" . }} - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - - emptyDir: - name: workload-socket - - emptyDir: - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else }} - - emptyDir: - name: workload-certs - {{- end }} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} diff --git a/resources/v1.26.8/charts/istiod/files/kube-gateway.yaml b/resources/v1.26.8/charts/istiod/files/kube-gateway.yaml deleted file mode 100644 index 447ecae83..000000000 --- a/resources/v1.26.8/charts/istiod/files/kube-gateway.yaml +++ /dev/null @@ -1,401 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": {{.Name}} - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-gateway-controller" - ) | nindent 8 }} - spec: - securityContext: - {{- if .Values.gateways.securityContext }} - {{- toYaml .Values.gateways.securityContext | nindent 8 }} - {{- else }} - sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" - {{- if .Values.gateways.seccompProfile }} - seccompProfile: - {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} - {{- end }} - {{- end }} - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{- if .Values.global.proxy.resources }} - resources: - {{- toYaml .Values.global.proxy.resources | nindent 10 }} - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - securityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsUser: {{ .ProxyUID | default "1337" }} - runAsGroup: {{ .ProxyGID | default "1337" }} - runAsNonRoot: true - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} - {{- end }} - env: - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: "[]" - - name: ISTIO_META_APP_CONTAINERS - value: "" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} - - name: ISTIO_META_NETWORK - value: {{.|quote}} - {{- end }} - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName|quote}} - - name: ISTIO_META_OWNER - value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- with (index .InfrastructureLabels "topology.istio.io/network") }} - - name: ISTIO_META_REQUESTED_NETWORK_VIEW - value: {{.|quote}} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - - name: workload-socket - mountPath: /var/run/secrets/workload-spiffe-uds - - name: credential-socket - mountPath: /var/run/secrets/credential-uds - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - mountPath: /var/run/secrets/workload-spiffe-credentials - readOnly: true - {{- else }} - - name: workload-certs - mountPath: /var/run/secrets/workload-spiffe-credentials - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: {} - name: credential-socket - {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} - - name: gke-workload-certificate - csi: - driver: workloadcertificates.security.cloud.google.com - {{- else}} - - emptyDir: {} - name: workload-certs - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: {{.UID}} -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": {{.Name}} - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.8/charts/istiod/files/profile-ambient.yaml b/resources/v1.26.8/charts/istiod/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/istiod/files/profile-demo.yaml b/resources/v1.26.8/charts/istiod/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.8/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.26.8/charts/istiod/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.8/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.26.8/charts/istiod/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.8/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.26.8/charts/istiod/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.8/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.26.8/charts/istiod/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.8/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.26.8/charts/istiod/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.8/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.26.8/charts/istiod/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.8/charts/istiod/files/profile-preview.yaml b/resources/v1.26.8/charts/istiod/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.8/charts/istiod/files/profile-remote.yaml b/resources/v1.26.8/charts/istiod/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.8/charts/istiod/files/profile-stable.yaml b/resources/v1.26.8/charts/istiod/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.8/charts/istiod/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.8/charts/istiod/files/waypoint.yaml b/resources/v1.26.8/charts/istiod/files/waypoint.yaml deleted file mode 100644 index 421cabeae..000000000 --- a/resources/v1.26.8/charts/istiod/files/waypoint.yaml +++ /dev/null @@ -1,396 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{.ServiceAccount | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - {{- if ge .KubeVersion 128 }} - # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" - {{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - selector: - matchLabels: - "{{.GatewayNameLabel}}": "{{.Name}}" - template: - metadata: - annotations: - {{- toJsonMap - (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") - (strdict "istio.io/rev" (.Revision | default "default")) - (strdict - "prometheus.io/path" "/stats/prometheus" - "prometheus.io/port" "15020" - "prometheus.io/scrape" "true" - ) | nindent 8 }} - labels: - {{- toJsonMap - (strdict - "sidecar.istio.io/inject" "false" - "istio.io/dataplane-mode" "none" - "service.istio.io/canonical-name" .DeploymentName - "service.istio.io/canonical-revision" "latest" - ) - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - "gateway.istio.io/managed" "istio.io-mesh-controller" - ) | nindent 8}} - spec: - {{- if .Values.global.waypoint.affinity }} - affinity: - {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.waypoint.tolerations }} - tolerations: - {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 2 - serviceAccountName: {{.ServiceAccount | quote}} - containers: - - name: istio-proxy - ports: - - containerPort: 15020 - name: metrics - protocol: TCP - - containerPort: 15021 - name: status-port - protocol: TCP - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .ProxyImage }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - args: - - proxy - - waypoint - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - - {{.ServiceAccount}}.$(POD_NAMESPACE) - - --proxyLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} - - --proxyComponentLogLevel - - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} - - --log_output_level - - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.outlierLogPath }} - - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} - {{- end}} - env: - - name: ISTIO_META_SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: ISTIO_CPU_LIMIT - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - {{- if .ProxyConfig.ProxyMetadata }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} - {{- if $network }} - - name: ISTIO_META_NETWORK - value: "{{ $network }}" - {{- end }} - - name: ISTIO_META_INTERCEPTION_MODE - value: REDIRECT - - name: ISTIO_META_WORKLOAD_NAME - value: {{.DeploymentName}} - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if .Values.global.waypoint.resources }} - resources: - {{- toYaml .Values.global.waypoint.resources | nindent 10 }} - {{- end }} - startupProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 4 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 0 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 1 - securityContext: - privileged: false - {{- if not (eq .Values.global.platform "openshift") }} - runAsGroup: 1337 - runAsUser: 1337 - {{- end }} - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.gateways.seccompProfile }} - seccompProfile: -{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} -{{- end }} - volumeMounts: - - mountPath: /var/run/secrets/workload-spiffe-uds - name: workload-socket - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /etc/istio/pod - name: istio-podinfo - volumes: - - emptyDir: {} - name: workload-socket - - emptyDir: - medium: Memory - name: istio-envoy - - emptyDir: - medium: Memory - name: go-proxy-envoy - - emptyDir: {} - name: istio-data - - emptyDir: {} - name: go-proxy-data - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: istio-podinfo - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: istiod-ca-cert - {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - {{ toJsonMap - (strdict "networking.istio.io/traffic-distribution" "PreferClose") - (omit .InfrastructureAnnotations - "kubectl.kubernetes.io/last-applied-configuration" - "gateway.istio.io/name-override" - "gateway.istio.io/service-account" - "gateway.istio.io/controller-version" - ) | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: "{{.Name}}" - uid: "{{.UID}}" -spec: - ipFamilyPolicy: PreferDualStack - ports: - {{- range $key, $val := .Ports }} - - name: {{ $val.Name | quote }} - port: {{ $val.Port }} - protocol: TCP - appProtocol: {{ $val.AppProtocol }} - {{- end }} - selector: - "{{.GatewayNameLabel}}": "{{.Name}}" - {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} - loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} - {{- end }} - type: {{ .ServiceType | quote }} ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{.DeploymentName | quote}} - maxReplicas: 1 ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{.DeploymentName | quote}} - namespace: {{.Namespace | quote}} - annotations: - {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} - labels: - {{- toJsonMap - .InfrastructureLabels - (strdict - "gateway.networking.k8s.io/gateway-name" .Name - ) | nindent 4 }} - ownerReferences: - - apiVersion: gateway.networking.k8s.io/v1beta1 - kind: Gateway - name: {{.Name}} - uid: "{{.UID}}" -spec: - selector: - matchLabels: - gateway.networking.k8s.io/gateway-name: {{.Name|quote}} - diff --git a/resources/v1.26.8/charts/istiod/templates/NOTES.txt b/resources/v1.26.8/charts/istiod/templates/NOTES.txt deleted file mode 100644 index 0d07ea7f4..000000000 --- a/resources/v1.26.8/charts/istiod/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} - -Next steps: -{{- $profile := default "" .Values.profile }} -{{- if (eq $profile "ambient") }} - * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ - * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ -{{- else }} - * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ - * Try out our tasks to get started on common configurations: - * https://istio.io/latest/docs/tasks/traffic-management - * https://istio.io/latest/docs/tasks/security/ - * https://istio.io/latest/docs/tasks/policy-enforcement/ -{{- end }} - * Review the list of actively supported releases, CVE publications and our hardening guide: - * https://istio.io/latest/docs/releases/supported-releases/ - * https://istio.io/latest/news/security/ - * https://istio.io/latest/docs/ops/best-practices/security/ - -For further documentation see https://istio.io website - -{{- - $deps := dict - "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" - "global.certificates" "meshConfig.certificates" - "global.localityLbSetting" "meshConfig.localityLbSetting" - "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" - "global.enableTracing" "meshConfig.enableTracing" - "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" - "global.proxy.accessLogFile" "meshConfig.accessLogFile" - "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" - "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" - "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" - "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" - "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" - "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" - "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" - "global.mtls.enabled" "the PeerAuthentication resource" - "global.mtls.auto" "meshConfig.enableAutoMtls" - "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" - "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" - "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" - "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" - "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" - "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" -}} -{{- range $dep, $replace := $deps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. -{{- end }} -{{- end }} -{{- - $failDeps := dict - "telemetry.v2.prometheus.configOverride" - "telemetry.v2.stackdriver.configOverride" - "telemetry.v2.stackdriver.disableOutbound" - "telemetry.v2.stackdriver.outboundAccessLogging" - "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" - "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" - "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" - "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" - "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" - "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" -}} -{{- range $dep, $replace := $failDeps }} -{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} -{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} -{{- if not (eq $res "")}} -{{fail (print $dep " is removed")}} -{{- end }} -{{- end }} -{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} -{{- fail "pilotCertProvider=kubernetes is not supported" }} -{{- end }} \ No newline at end of file diff --git a/resources/v1.26.8/charts/istiod/templates/_helpers.tpl b/resources/v1.26.8/charts/istiod/templates/_helpers.tpl deleted file mode 100644 index 042c92538..000000000 --- a/resources/v1.26.8/charts/istiod/templates/_helpers.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} -{{ define "default-prometheus" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} -{{ define "default-sd-metrics" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} - -{{/* SD has metrics and logging split. */}} -{{ define "default-sd-logs" }} -{{- and - (not .Values.meshConfig.defaultProviders) - .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled -}} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/autoscale.yaml b/resources/v1.26.8/charts/istiod/templates/autoscale.yaml deleted file mode 100644 index 09cd6258c..000000000 --- a/resources/v1.26.8/charts/istiod/templates/autoscale.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - maxReplicas: {{ .Values.autoscaleMax }} - minReplicas: {{ .Values.autoscaleMin }} - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.cpu.targetAverageUtilization }} - {{- if .Values.memory.targetAverageUtilization }} - - type: Resource - resource: - name: memory - target: - type: Utilization - averageUtilization: {{ .Values.memory.targetAverageUtilization }} - {{- end }} - {{- if .Values.autoscaleBehavior }} - behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/clusterrole.yaml b/resources/v1.26.8/charts/istiod/templates/clusterrole.yaml deleted file mode 100644 index d4d79d00f..000000000 --- a/resources/v1.26.8/charts/istiod/templates/clusterrole.yaml +++ /dev/null @@ -1,206 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - # sidecar injection controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] - verbs: ["update", "patch"] - resources: - - authorizationpolicies/status - - destinationrules/status - - envoyfilters/status - - gateways/status - - peerauthentications/status - - proxyconfigs/status - - requestauthentications/status - - serviceentries/status - - sidecars/status - - telemetries/status - - virtualservices/status - - wasmplugins/status - - workloadentries/status - - workloadgroups/status -{{- end }} - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "workloadentries/status", "serviceentries/status" ] - - apiGroups: ["security.istio.io"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "authorizationpolicies/status" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services/status" ] - - # auto-detect installed CRD definitions - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing - - apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - -{{- if .Values.taint.enabled }} - - apiGroups: [""] - resources: ["nodes"] - verbs: ["patch"] -{{- end }} - - # ingress controller -{{- if .Values.global.istiod.enableAnalysis }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["extensions", "networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] -{{- end}} - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} -{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} - - apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] - - apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: -{{- range .Values.global.certSigners }} - - {{ . | quote }} -{{- end }} - verbs: ["approve"] -{{- end}} -{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - - apiGroups: ["certificates.k8s.io"] - resources: ["clustertrustbundles"] - verbs: ["update", "create", "delete", "list", "watch", "get"] - - apiGroups: ["certificates.k8s.io"] - resources: ["signers"] - resourceNames: ["istio.io/istiod-ca"] - verbs: ["attest"] -{{- end }} - - # Used by Istiod to verify the JWT tokens - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs - - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - apiGroups: ["gateway.networking.x-k8s.io"] - resources: - - xbackendtrafficpolicies/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: - - backendtlspolicies/status - - gatewayclasses/status - - gateways/status - - grpcroutes/status - - httproutes/status - - referencegrants/status - - tcproutes/status - - tlsroutes/status - - udproutes/status - verbs: ["update", "patch"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["gatewayclasses"] - verbs: ["create", "update", "patch", "delete"] - - # Needed for multicluster secret reading, possibly ingress certs in the future - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] - - # Used for MCS serviceexport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: [ "get", "watch", "list", "create", "delete"] - - # Used for MCS serviceimport management - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "watch", "list"] ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: ["apps"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "deployments" ] - - apiGroups: ["autoscaling"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "horizontalpodautoscalers" ] - - apiGroups: ["policy"] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "poddisruptionbudgets" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "services" ] - - apiGroups: [""] - verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] - resources: [ "serviceaccounts"] -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.26.8/charts/istiod/templates/clusterrolebinding.yaml deleted file mode 100644 index 10781b407..000000000 --- a/resources/v1.26.8/charts/istiod/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} ---- -{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: -- kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.26.8/charts/istiod/templates/configmap-jwks.yaml deleted file mode 100644 index 3505d2822..000000000 --- a/resources/v1.26.8/charts/istiod/templates/configmap-jwks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.jwksResolverExtraRootCA }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - release: {{ .Release.Name }} - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/configmap-values.yaml b/resources/v1.26.8/charts/istiod/templates/configmap-values.yaml deleted file mode 100644 index 75e6e0bcc..000000000 --- a/resources/v1.26.8/charts/istiod/templates/configmap-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - annotations: - kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - original-values: |- -{{ .Values._original | toPrettyJson | indent 4 }} -{{- $_ := unset $.Values "_original" }} - merged-values: |- -{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.26.8/charts/istiod/templates/configmap.yaml b/resources/v1.26.8/charts/istiod/templates/configmap.yaml deleted file mode 100644 index 3098d300f..000000000 --- a/resources/v1.26.8/charts/istiod/templates/configmap.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{- define "mesh" }} - # The trust domain corresponds to the trust root of a system. - # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain - trustDomain: "cluster.local" - - # The namespace to treat as the administrative root namespace for Istio configuration. - # When processing a leaf namespace Istio will search for declarations in that namespace first - # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace - # is processed as if it were declared in the leaf namespace. - rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} - - {{ $prom := include "default-prometheus" . | eq "true" }} - {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} - {{ $sdLogs := include "default-sd-logs" . | eq "true" }} - {{- if or $prom $sdMetrics $sdLogs }} - defaultProviders: - {{- if or $prom $sdMetrics }} - metrics: - {{ if $prom }}- prometheus{{ end }} - {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} - {{- end }} - {{- if and $sdMetrics $sdLogs }} - accessLogging: - - stackdriver - {{- end }} - {{- end }} - - defaultConfig: - {{- if .Values.global.meshID }} - meshId: "{{ .Values.global.meshID }}" - {{- end }} - {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} - image: - imageType: {{. | quote}} - {{- end }} - {{- if not (eq .Values.global.proxy.tracer "none") }} - tracing: - {{- if eq .Values.global.proxy.tracer "lightstep" }} - lightstep: - # Address of the LightStep Satellite pool - address: {{ .Values.global.tracer.lightstep.address }} - # Access Token used to communicate with the Satellite pool - accessToken: {{ .Values.global.tracer.lightstep.accessToken }} - {{- else if eq .Values.global.proxy.tracer "zipkin" }} - zipkin: - # Address of the Zipkin collector - address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} - {{- else if eq .Values.global.proxy.tracer "datadog" }} - datadog: - # Address of the Datadog Agent - address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} - {{- else if eq .Values.global.proxy.tracer "stackdriver" }} - stackdriver: - # enables trace output to stdout. - debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} - # The global default max number of attributes per span. - maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} - # The global default max number of annotation events per span. - maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} - # The global default max number of message events per span. - maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} - {{- end }} - {{- end }} - {{- if .Values.global.remotePilotAddress }} - discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 - {{- else }} - discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 - {{- end }} -{{- end }} - -{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} -{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} -{{- $originalMesh := include "mesh" . | fromYaml }} -{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} - -{{- if .Values.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - {{- if .Values.global.meshNetworks }} - networks: -{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} - {{- else }} - networks: {} - {{- end }} - - mesh: |- -{{- if .Values.meshConfig }} -{{ $mesh | toYaml | indent 4 }} -{{- else }} -{{- include "mesh" . }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/deployment.yaml b/resources/v1.26.8/charts/istiod/templates/deployment.yaml deleted file mode 100644 index 73917d860..000000000 --- a/resources/v1.26.8/charts/istiod/templates/deployment.yaml +++ /dev/null @@ -1,304 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- range $key, $val := .Values.deploymentLabels }} - {{ $key }}: "{{ $val }}" -{{- end }} -spec: -{{- if not .Values.autoscaleEnabled }} -{{- if .Values.replicaCount }} - replicas: {{ .Values.replicaCount }} -{{- end }} -{{- end }} - strategy: - rollingUpdate: - maxSurge: {{ .Values.rollingMaxSurge }} - maxUnavailable: {{ .Values.rollingMaxUnavailable }} - selector: - matchLabels: - {{- if ne .Values.revision "" }} - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - {{- else }} - istio: pilot - {{- end }} - template: - metadata: - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - sidecar.istio.io/inject: "false" - operator.istio.io/component: "Pilot" - {{- if ne .Values.revision "" }} - istio: istiod - {{- else }} - istio: pilot - {{- end }} - {{- range $key, $val := .Values.podLabels }} - {{ $key }}: "{{ $val }}" - {{- end }} - istio.io/dataplane-mode: none - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 8 }} - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: -{{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{- toYaml . | nindent 8 }} -{{- end }} - tolerations: - - key: cni.istio.io/not-ready - operator: "Exists" -{{- with .Values.tolerations }} -{{- toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{- toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- if .Values.global.priorityClassName }} - priorityClassName: "{{ .Values.global.priorityClassName }}" -{{- end }} -{{- with .Values.initContainers }} - initContainers: - {{- tpl (toYaml .) $ | nindent 8 }} -{{- end }} - containers: - - name: discovery -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" -{{- end }} -{{- if .Values.global.imagePullPolicy }} - imagePullPolicy: {{ .Values.global.imagePullPolicy }} -{{- end }} - args: - - "discovery" - - --monitoringAddr=:15014 -{{- if .Values.global.logging.level }} - - --log_output_level={{ .Values.global.logging.level }} -{{- end}} -{{- if .Values.global.logAsJson }} - - --log_as_json -{{- end }} - - --domain - - {{ .Values.global.proxy.clusterDomain }} -{{- if .Values.taint.namespace }} - - --cniNamespace={{ .Values.taint.namespace }} -{{- end }} - - --keepaliveMaxServerConnectionAge - - "{{ .Values.keepaliveMaxServerConnectionAge }}" -{{- if .Values.extraContainerArgs }} - {{- with .Values.extraContainerArgs }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- end }} - ports: - - containerPort: 8080 - protocol: TCP - name: http-debug - - containerPort: 15010 - protocol: TCP - name: grpc-xds - - containerPort: 15012 - protocol: TCP - name: tls-xds - - containerPort: 15017 - protocol: TCP - name: https-webhooks - - containerPort: 15014 - protocol: TCP - name: http-monitoring - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - env: - - name: REVISION - value: "{{ .Values.revision | default `default` }}" - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - # If you explicitly told us where ztunnel lives, use that. - # Otherwise, assume it lives in our namespace - # Also, check for an explicit ENV override (legacy approach) and prefer that - # if present - {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} - {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} - {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} - - name: CA_TRUSTED_NODE_ACCOUNTS - value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" - {{- end }} - {{- if .Values.env }} - {{- range $key, $val := .Values.env }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - {{- with .Values.envVarFrom }} - {{- toYaml . | nindent 10 }} - {{- end }} -{{- if .Values.traceSampling }} - - name: PILOT_TRACE_SAMPLING - value: "{{ .Values.traceSampling }}" -{{- end }} -# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then -# don't set it here to avoid duplication. -# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 -{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} - - name: EXTERNAL_ISTIOD - value: "{{ .Values.global.externalIstiod }}" -{{- end }} - - name: PILOT_ENABLE_ANALYSIS - value: "{{ .Values.global.istiod.enableAnalysis }}" - - name: CLUSTER_ID - value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" - - name: GOMEMLIMIT - valueFrom: - resourceFieldRef: - resource: limits.memory - divisor: "1" - - name: GOMAXPROCS - valueFrom: - resourceFieldRef: - resource: limits.cpu - divisor: "1" - - name: PLATFORM - value: "{{ coalesce .Values.global.platform .Values.platform }}" - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 12 }} -{{- else }} -{{ toYaml .Values.global.defaultResources | trim | indent 12 }} -{{- end }} - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL -{{- if .Values.seccompProfile }} - seccompProfile: -{{ toYaml .Values.seccompProfile | trim | indent 14 }} -{{- end }} - volumeMounts: - - name: istio-token - mountPath: /var/run/secrets/tokens - readOnly: true - - name: local-certs - mountPath: /var/run/secrets/istio-dns - - name: cacerts - mountPath: /etc/cacerts - readOnly: true - - name: istio-kubeconfig - mountPath: /var/run/secrets/remote - readOnly: true - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - mountPath: /cacerts - {{- end }} - - name: istio-csr-dns-cert - mountPath: /var/run/secrets/istiod/tls - readOnly: true - - name: istio-csr-ca-configmap - mountPath: /var/run/secrets/istiod/ca - readOnly: true - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - # Technically not needed on this pod - but it helps debugging/testing SDS - # Should be removed after everything works. - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: {{ .Values.global.sds.token.aud }} - expirationSeconds: 43200 - path: istio-token - # Optional: user-generated root - - name: cacerts - secret: - secretName: cacerts - optional: true - - name: istio-kubeconfig - secret: - secretName: istio-kubeconfig - optional: true - # Optional: istio-csr dns pilot certs - - name: istio-csr-dns-cert - secret: - secretName: istiod-tls - optional: true - - name: istio-csr-ca-configmap - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - optional: true - {{- else }} - configMap: - name: istio-ca-root-cert - defaultMode: 420 - optional: true - {{- end }} - {{- if .Values.jwksResolverExtraRootCA }} - - name: extracacerts - configMap: - name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - {{- end }} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} - ---- -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.26.8/charts/istiod/templates/gateway-class-configmap.yaml deleted file mode 100644 index 6b23d716a..000000000 --- a/resources/v1.26.8/charts/istiod/templates/gateway-class-configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ range $key, $value := .Values.gatewayClasses }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} - namespace: {{ $.Release.Namespace }} - labels: - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - gateway.istio.io/defaults-for-class: {{$key|quote}} - {{- include "istio.labels" $ | nindent 4 }} -data: -{{ range $kind, $overlay := $value }} - {{$kind}}: | -{{$overlay|toYaml|trim|indent 4}} -{{ end }} ---- -{{ end }} diff --git a/resources/v1.26.8/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.26.8/charts/istiod/templates/istiod-injector-configmap.yaml deleted file mode 100644 index 171aff886..000000000 --- a/resources/v1.26.8/charts/istiod/templates/istiod-injector-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if not .Values.global.omitSidecarInjectorConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -data: -{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} - values: |- -{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} -{{ $pilotVals := pick .Values "cni" "env" -}} -{{ $vals = set $vals "pilot" $pilotVals -}} -{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} -{{ $vals = set $vals "gateways" $gatewayVals -}} -{{ $vals | toPrettyJson | indent 4 }} - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} - defaultTemplates: -{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} - - {{ . }} -{{- end }} - {{- else }} - defaultTemplates: [sidecar] - {{- end }} - policy: {{ .Values.global.proxy.autoInject }} - alwaysInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} - neverInjectSelector: -{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} - injectedAnnotations: - {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} - "{{ $key }}": {{ $val | quote }} - {{- end }} - {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template - which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". - This should make it obvious that their installation is broken. - */}} - template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} - templates: -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} - sidecar: | -{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} - gateway: | -{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} - grpc-simple: | -{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} - grpc-agent: | -{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} - waypoint: | -{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} -{{- end }} -{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} - kube-gateway: | -{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} -{{- end }} -{{- with .Values.sidecarInjectorWebhook.templates }} -{{ toYaml . | trim | indent 6 }} -{{- end }} - -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.26.8/charts/istiod/templates/mutatingwebhook.yaml deleted file mode 100644 index 22160f70a..000000000 --- a/resources/v1.26.8/charts/istiod/templates/mutatingwebhook.yaml +++ /dev/null @@ -1,164 +0,0 @@ -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- /* Core defines the common configuration used by all webhook segments */}} -{{/* Copy just what we need to avoid expensive deepCopy */}} -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "caBundle" .Values.istiodRemote.injectionCABundle - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - {{- if .caBundle }} - caBundle: "{{ .caBundle }}" - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} -{{- if not .Values.global.operatorManageWebhooks }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq .Release.Namespace "istio-system"}} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} -{{- else }} - name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -{{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} - -{{- /* Case 1: namespace selector matches, and object doesn't disable */}} -{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - - -{{- /* Webhooks for default revision */}} -{{- if (eq .Values.revision "") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.26.8/charts/istiod/templates/poddisruptionbudget.yaml deleted file mode 100644 index 1eacf16e6..000000000 --- a/resources/v1.26.8/charts/istiod/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -{{- if .Values.global.defaultPodDisruptionBudget.enabled }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - release: {{ .Release.Name }} - istio: pilot - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - istio: pilot - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.26.8/charts/istiod/templates/reader-clusterrole.yaml deleted file mode 100644 index 4707c7e9f..000000000 --- a/resources/v1.26.8/charts/istiod/templates/reader-clusterrole.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -rules: - - apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - - "telemetry.istio.io" - - "extensions.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - # TODO(keithmattix): See if we can conditionally give permission to read secrets and configmaps iff externalIstiod - # is enabled. Best I can tell, these two resources are only needed for configuring proxy TLS (i.e. CA certs). - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets", "configmaps"] - verbs: ["get", "list", "watch"] - - apiGroups: ["networking.istio.io"] - verbs: [ "get", "watch", "list" ] - resources: [ "workloadentries" ] - - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] - resources: ["gateways"] - verbs: ["get", "watch", "list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceexports"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: ["{{ $mcsAPIGroup }}"] - resources: ["serviceimports"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] -{{- if .Values.istiodRemote.enabled }} - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] -{{- end}} diff --git a/resources/v1.26.8/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.26.8/charts/istiod/templates/reader-clusterrolebinding.yaml deleted file mode 100644 index aea9f01f7..000000000 --- a/resources/v1.26.8/charts/istiod/templates/reader-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} - labels: - app: istio-reader - release: {{ .Release.Name }} - app.kubernetes.io/name: "istio-reader" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: istio-reader-service-account - namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.26.8/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.26.8/charts/istiod/templates/remote-istiod-endpoints.yaml deleted file mode 100644 index a6de571da..000000000 --- a/resources/v1.26.8/charts/istiod/templates/remote-istiod-endpoints.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.istiodRemote.enabled }} -# if the remotePilotAddress is an IP addr -{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Endpoints -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -subsets: -- addresses: - - ip: {{ .Values.global.remotePilotAddress }} - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 15017 - name: tcp-webhook - protocol: TCP ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.26.8/charts/istiod/templates/remote-istiod-service.yaml deleted file mode 100644 index d3f872f74..000000000 --- a/resources/v1.26.8/charts/istiod/templates/remote-istiod-service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This file is only used for remote `istiod` installs. -{{- if .Values.global.remotePilotAddress }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "istiod" - {{ include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15012 - name: tcp-istiod - protocol: TCP - - port: 443 - targetPort: 15017 - name: tcp-webhook - protocol: TCP - {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} - # if the remotePilotAddress is not an IP addr, we use ExternalName - type: ExternalName - externalName: {{ .Values.global.remotePilotAddress }} - {{- end }} -{{- if .Values.global.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} -{{- end }} -{{- if .Values.global.ipFamilies }} - ipFamilies: -{{- range .Values.global.ipFamilies }} - - {{ . }} -{{- end }} -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/revision-tags.yaml b/resources/v1.26.8/charts/istiod/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.8/charts/istiod/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/role.yaml b/resources/v1.26.8/charts/istiod/templates/role.yaml deleted file mode 100644 index 10d89e8d1..000000000 --- a/resources/v1.26.8/charts/istiod/templates/role.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -rules: -# permissions to verify the webhook is ready and rejecting -# invalid config. We use --server-dry-run so no config is persisted. -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -# For storing CA secret -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] - -# For status controller, so it can delete the distribution report configmap -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["delete"] - -# For gateway deployment controller -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "update", "patch", "create"] -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/rolebinding.yaml b/resources/v1.26.8/charts/istiod/templates/rolebinding.yaml deleted file mode 100644 index a42f4ec44..000000000 --- a/resources/v1.26.8/charts/istiod/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} -subjects: - - kind: ServiceAccount - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/service.yaml b/resources/v1.26.8/charts/istiod/templates/service.yaml deleted file mode 100644 index 30d5b8912..000000000 --- a/resources/v1.26.8/charts/istiod/templates/service.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Not created if istiod is running remotely -{{- if not .Values.istiodRemote.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.serviceAnnotations }} - annotations: -{{ toYaml .Values.serviceAnnotations | indent 4 }} - {{- end }} - labels: - istio.io/rev: {{ .Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - {{- if ne .Values.revision "" }} - istio.io/rev: {{ .Values.revision | quote }} - {{- else }} - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot - {{- end }} - {{- if .Values.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} - {{- end }} - {{- if .Values.ipFamilies }} - ipFamilies: - {{- range .Values.ipFamilies }} - - {{ . }} - {{- end }} - {{- end }} ---- -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/serviceaccount.yaml b/resources/v1.26.8/charts/istiod/templates/serviceaccount.yaml deleted file mode 100644 index a673a4d07..000000000 --- a/resources/v1.26.8/charts/istiod/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -apiVersion: v1 -kind: ServiceAccount - {{- if .Values.global.imagePullSecrets }} -imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} - {{- if .Values.serviceAccountAnnotations }} - annotations: -{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} - {{- end }} -{{- end }} ---- diff --git a/resources/v1.26.8/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.26.8/charts/istiod/templates/validatingadmissionpolicy.yaml deleted file mode 100644 index d36eef68e..000000000 --- a/resources/v1.26.8/charts/istiod/templates/validatingadmissionpolicy.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.experimental.stableValidationPolicy }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicy -metadata: - name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - labels: - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -spec: - failurePolicy: Fail - matchConstraints: - resourceRules: - - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: ["*"] - operations: ["CREATE", "UPDATE"] - resources: ["*"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} - variables: - - name: isEnvoyFilter - expression: "object.kind == 'EnvoyFilter'" - - name: isWasmPlugin - expression: "object.kind == 'WasmPlugin'" - - name: isProxyConfig - expression: "object.kind == 'ProxyConfig'" - - name: isTelemetry - expression: "object.kind == 'Telemetry'" - validations: - - expression: "!variables.isEnvoyFilter" - - expression: "!variables.isWasmPlugin" - - expression: "!variables.isProxyConfig" - - expression: | - !( - variables.isTelemetry && ( - (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || - (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || - (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) - ) - ) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingAdmissionPolicyBinding -metadata: - name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" -spec: - policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" - validationActions: [Deny] -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.26.8/charts/istiod/templates/validatingwebhookconfiguration.yaml deleted file mode 100644 index fb28836a0..000000000 --- a/resources/v1.26.8/charts/istiod/templates/validatingwebhookconfiguration.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Created if this is not a remote istiod, OR if it is and is also a config cluster -{{- if or (and .Values.istiodRemote.enabled .Values.global.configCluster) (not .Values.istiodRemote.enabled) }} -{{- if .Values.global.configValidation }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} - labels: - app: istiod - release: {{ .Release.Name }} - istio: istiod - istio.io/rev: {{ .Values.revision | default "default" | quote }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" . | nindent 4 }} -webhooks: - # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks - # are rejecting invalid configs on a per-revision basis. - - name: rev.validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - {{- if .Values.base.validationURL }} - url: {{ .Values.base.validationURL }} - {{- else }} - service: - name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} - namespace: {{ .Values.global.istioNamespace }} - path: "/validate" - {{- end }} - {{- if .Values.base.validationCABundle }} - caBundle: "{{ .Values.base.validationCABundle }}" - {{- end }} - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - - extensions.istio.io - apiVersions: - - "*" - resources: - - "*" - {{- if .Values.base.validationCABundle }} - # Disable webhook controller in Pilot to stop patching it - failurePolicy: Fail - {{- else }} - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - {{- end }} - sideEffects: None - admissionReviewVersions: ["v1"] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - {{- if (eq .Values.revision "") }} - - "default" - {{- else }} - - "{{ .Values.revision }}" - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/resources/v1.26.8/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.26.8/charts/istiod/templates/zzy_descope_legacy.yaml deleted file mode 100644 index ae8fced29..000000000 --- a/resources/v1.26.8/charts/istiod/templates/zzy_descope_legacy.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. -Due to the file naming, this always happens after zzz_profile.yaml */}} -{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.26.8/charts/istiod/templates/zzz_profile.yaml b/resources/v1.26.8/charts/istiod/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.8/charts/istiod/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.8/charts/istiod/values.yaml b/resources/v1.26.8/charts/istiod/values.yaml deleted file mode 100644 index 6e4f0c6f3..000000000 --- a/resources/v1.26.8/charts/istiod/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.8 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.8/charts/revisiontags/Chart.yaml b/resources/v1.26.8/charts/revisiontags/Chart.yaml deleted file mode 100644 index 80dfc7df3..000000000 --- a/resources/v1.26.8/charts/revisiontags/Chart.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.8 -description: Helm chart for istio revision tags -name: revisiontags -sources: -- https://github.com/istio-ecosystem/sail-operator -version: 0.1.0 - diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-demo.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-preview.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-remote.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.8/charts/revisiontags/files/profile-stable.yaml b/resources/v1.26.8/charts/revisiontags/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.8/charts/revisiontags/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.8/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.26.8/charts/revisiontags/templates/revision-tags.yaml deleted file mode 100644 index e45b5e1d4..000000000 --- a/resources/v1.26.8/charts/revisiontags/templates/revision-tags.yaml +++ /dev/null @@ -1,148 +0,0 @@ -# Adapted from istio-discovery/templates/mutatingwebhook.yaml -# Removed paths for legacy and default selectors since a revision tag -# is inherently created from a specific revision -# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. -{{- $whv := dict - "revision" .Values.revision - "injectionPath" .Values.istiodRemote.injectionPath - "injectionURL" .Values.istiodRemote.injectionURL - "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy - "namespace" .Release.Namespace }} -{{- define "core" }} -{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign -a unique prefix to each. */}} -- name: {{.Prefix}}sidecar-injector.istio.io - clientConfig: - {{- if .injectionURL }} - url: "{{ .injectionURL }}" - {{- else }} - service: - name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} - namespace: {{ .namespace }} - path: "{{ .injectionPath }}" - port: 443 - {{- end }} - sideEffects: None - rules: - - operations: [ "CREATE" ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - reinvocationPolicy: "{{ .reinvocationPolicy }}" - admissionReviewVersions: ["v1"] -{{- end }} -{{- range $tagName := $.Values.revisionTags }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: -{{- if eq $.Release.Namespace "istio-system"}} - name: istio-revision-tag-{{ $tagName }} -{{- else }} - name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} -{{- end }} - labels: - istio.io/tag: {{ $tagName }} - istio.io/rev: {{ $.Values.revision | default "default" | quote }} - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: {{ $.Release.Name }} - app.kubernetes.io/name: "istiod" - {{- include "istio.labels" $ | nindent 4 }} -{{- if $.Values.sidecarInjectorWebhookAnnotations }} - annotations: -{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} -{{- end }} -webhooks: -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist - - key: istio-injection - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - - key: istio.io/rev - operator: In - values: - - "{{ $tagName }}" - -{{- /* When the tag is "default" we want to create webhooks for the default revision */}} -{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} -{{- if (eq $tagName "default") }} - -{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: In - values: - - enabled - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: NotIn - values: - - "false" - -{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: In - values: - - "true" - - key: istio.io/rev - operator: DoesNotExist - -{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} -{{- /* Special case 3: no labels at all */}} -{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} - namespaceSelector: - matchExpressions: - - key: istio-injection - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist - - key: "kubernetes.io/metadata.name" - operator: "NotIn" - values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] - objectSelector: - matchExpressions: - - key: sidecar.istio.io/inject - operator: DoesNotExist - - key: istio.io/rev - operator: DoesNotExist -{{- end }} - -{{- end }} ---- -{{- end }} diff --git a/resources/v1.26.8/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.26.8/charts/revisiontags/templates/zzz_profile.yaml deleted file mode 100644 index 3d8495648..000000000 --- a/resources/v1.26.8/charts/revisiontags/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if false }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.8/charts/revisiontags/values.yaml b/resources/v1.26.8/charts/revisiontags/values.yaml deleted file mode 100644 index 6e4f0c6f3..000000000 --- a/resources/v1.26.8/charts/revisiontags/values.yaml +++ /dev/null @@ -1,553 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - autoscaleEnabled: true - autoscaleMin: 1 - autoscaleMax: 5 - autoscaleBehavior: {} - replicaCount: 1 - rollingMaxSurge: 100% - rollingMaxUnavailable: 25% - - hub: "" - tag: "" - variant: "" - - # Can be a full hub/image:tag - image: pilot - traceSampling: 1.0 - - # Resources for a small pilot install - resources: - requests: - cpu: 500m - memory: 2048Mi - - # Set to `type: RuntimeDefault` to use the default profile if available. - seccompProfile: {} - - # Whether to use an existing CNI installation - cni: - enabled: false - provider: default - - # Additional container arguments - extraContainerArgs: [] - - env: {} - - envVarFrom: [] - - # Settings related to the untaint controller - # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready - # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes - taint: - # Controls whether or not the untaint controller is active - enabled: false - # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod - namespace: "" - - affinity: {} - - tolerations: [] - - cpu: - targetAverageUtilization: 80 - memory: {} - # targetAverageUtilization: 80 - - # Additional volumeMounts to the istiod container - volumeMounts: [] - - # Additional volumes to the istiod pod - volumes: [] - - # Inject initContainers into the istiod pod - initContainers: [] - - nodeSelector: {} - podAnnotations: {} - serviceAnnotations: {} - serviceAccountAnnotations: {} - sidecarInjectorWebhookAnnotations: {} - - topologySpreadConstraints: [] - - # You can use jwksResolverExtraRootCA to provide a root certificate - # in PEM format. This will then be trusted by pilot when resolving - # JWKS URIs. - jwksResolverExtraRootCA: "" - - # The following is used to limit how long a sidecar can be connected - # to a pilot. It balances out load across pilot instances at the cost of - # increasing system churn. - keepaliveMaxServerConnectionAge: 30m - - # Additional labels to apply to the deployment. - deploymentLabels: {} - - ## Mesh config settings - - # Install the mesh config map, generated from values.yaml. - # If false, pilot wil use default values (by default) or user-supplied values. - configMap: true - - # Additional labels to apply on the pod level for monitoring and logging configuration. - podLabels: {} - - # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services - ipFamilyPolicy: "" - ipFamilies: [] - - # Ambient mode only. - # Set this if you install ztunnel to a different namespace from `istiod`. - # If set, `istiod` will allow connections from trusted node proxy ztunnels - # in the provided namespace. - # If unset, `istiod` will assume the trusted node proxy ztunnel resides - # in the same namespace as itself. - trustedZtunnelNamespace: "" - # Set this if you install ztunnel with a name different from the default. - trustedZtunnelName: "" - - sidecarInjectorWebhook: - # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or - # always skip the injection on pods that match that label selector, regardless of the global policy. - # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions - neverInjectSelector: [] - alwaysInjectSelector: [] - - # injectedAnnotations are additional annotations that will be added to the pod spec after injection - # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: - # - # annotations: - # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default - # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default - # - # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before - # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: - # injectedAnnotations: - # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default - # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default - injectedAnnotations: {} - - # This enables injection of sidecar in all namespaces, - # with the exception of namespaces with "istio-injection:disabled" annotation - # Only one environment should have this enabled. - enableNamespacesByDefault: false - - # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run - # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. - # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. - reinvocationPolicy: Never - - rewriteAppHTTPProbe: true - - # Templates defines a set of custom injection templates that can be used. For example, defining: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod - # being injected with the hello=world labels. - # This is intended for advanced configuration only; most users should use the built in template - templates: {} - - # Default templates specifies a set of default templates that are used in sidecar injection. - # By default, a template `sidecar` is always provided, which contains the template of default sidecar. - # To inject other additional templates, define it using the `templates` option, and add it to - # the default templates list. - # For example: - # - # templates: - # hello: | - # metadata: - # labels: - # hello: world - # - # defaultTemplates: ["sidecar", "hello"] - defaultTemplates: [] - istiodRemote: - # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, - # and istiod itself will NOT be installed in this cluster - only the support resources necessary - # to utilize a remote instance. - enabled: false - # Sidecar injector mutating webhook configuration clientConfig.url value. - # For example: https://$remotePilotAddress:15017/inject - # The host should not refer to a service running in the cluster; use a service reference by specifying - # the clientConfig.service field instead. - injectionURL: "" - - # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. - # Override to pass env variables, for example: /inject/cluster/remote/net/network2 - injectionPath: "/inject" - - injectionCABundle: "" - telemetry: - enabled: true - v2: - # For Null VM case now. - # This also enables metadata exchange. - enabled: true - # Indicate if prometheus stats filter is enabled or not - prometheus: - enabled: true - # stackdriver filter settings. - stackdriver: - enabled: false - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - revision: "" - - # Revision tags are aliases to Istio control plane revisions - revisionTags: [] - - # For Helm compatibility. - ownerName: "" - - # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior - # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options - meshConfig: - enablePrometheusMerge: true - - experimental: - stableValidationPolicy: false - - global: - # Used to locate istiod. - istioNamespace: istio-system - # List of cert-signers to allow "approve" action in the istio cluster role - # - # certSigners: - # - clusterissuers.cert-manager.io/istio-ca - certSigners: [] - # enable pod disruption budget for the control plane, which is used to - # ensure Istio control plane components are gradually upgraded or recovered. - defaultPodDisruptionBudget: - enabled: true - # The values aren't mutable due to a current PodDisruptionBudget limitation - # minAvailable: 1 - - # A minimal set of requested resources to applied to all deployments so that - # Horizontal Pod Autoscaler will be able to function (if set). - # Each component can overwrite these default values by adding its own resources - # block in the relevant section below and setting the desired resources values. - defaultResources: - requests: - cpu: 10m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - - # Default hub for Istio images. - # Releases are published to docker hub under 'istio' project. - # Dev builds from prow are on gcr.io - hub: gcr.io/istio-release - # Default tag for Istio images. - tag: 1.26.8 - # Variant of the image to use. - # Currently supported are: [debug, distroless] - variant: "" - - # Specify image pull policy if default behavior isn't desired. - # Default behavior: latest images will be Always else IfNotPresent. - imagePullPolicy: "" - - # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace - # to use for pulling any images in pods that reference this ServiceAccount. - # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) - # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. - # Must be set for any cluster configured with private docker registry. - imagePullSecrets: [] - # - private-registry-key - - # Enabled by default in master for maximising testing. - istiod: - enableAnalysis: false - - # To output all istio components logs in json format by adding --log_as_json argument to each container argument - logAsJson: false - - # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: - # The control plane has different scopes depending on component, but can configure default log level across all components - # If empty, default scope and level will be used as configured in code - logging: - level: "default:info" - - omitSidecarInjectorConfigMap: false - - # Configure whether Operator manages webhook configurations. The current behavior - # of Istiod is to manage its own webhook configurations. - # When this option is set as true, Istio Operator, instead of webhooks, manages the - # webhook configurations. When this option is set as false, webhooks manage their - # own webhook configurations. - operatorManageWebhooks: false - - # Custom DNS config for the pod to resolve names of services in other - # clusters. Use this to add additional search domains, and other settings. - # see - # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config - # This does not apply to gateway pods as they typically need a different - # set of DNS settings than the normal application pods (e.g., in - # multicluster scenarios). - # NOTE: If using templates, follow the pattern in the commented example below. - #podDNSSearchNamespaces: - #- global - #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" - - # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and - # system-node-critical, it is better to configure this in order to make sure your Istio pods - # will not be killed because of low priority class. - # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - # for more detail. - priorityClassName: "" - - proxy: - image: proxyv2 - - # This controls the 'policy' in the sidecar injector. - autoInject: enabled - - # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value - # cluster domain. Default value is "cluster.local". - clusterDomain: "cluster.local" - - # Per Component log level for proxy, applies to gateways and sidecars. If a component level is - # not set, then the global "logLevel" will be used. - componentLogLevel: "misc:error" - - # istio ingress capture allowlist - # examples: - # Redirect only selected ports: --includeInboundPorts="80,8080" - excludeInboundPorts: "" - includeInboundPorts: "*" - - # istio egress capture allowlist - # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly - # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" - # would only capture egress traffic on those two IP Ranges, all other outbound traffic would - # be allowed by the sidecar - includeIPRanges: "*" - excludeIPRanges: "" - includeOutboundPorts: "" - excludeOutboundPorts: "" - - # Log level for proxy, applies to gateways and sidecars. - # Expected values are: trace|debug|info|warning|error|critical|off - logLevel: warning - - # Specify the path to the outlier event log. - # Example: /dev/stdout - outlierLogPath: "" - - #If set to true, istio-proxy container will have privileged securityContext - privileged: false - - # The number of successive failed probes before indicating readiness failure. - readinessFailureThreshold: 4 - - # The initial delay for readiness probes in seconds. - readinessInitialDelaySeconds: 0 - - # The period between readiness probes. - readinessPeriodSeconds: 15 - - # Enables or disables a startup probe. - # For optimal startup times, changing this should be tied to the readiness probe values. - # - # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. - # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), - # and doesn't spam the readiness endpoint too much - # - # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. - # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. - startupProbe: - enabled: true - failureThreshold: 600 # 10 minutes - - # Resources for the sidecar. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 2000m - memory: 1024Mi - - # Default port for Pilot agent health checks. A value of 0 will disable health checking. - statusPort: 15020 - - # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. - # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. - tracer: "none" - - proxy_init: - # Base name for the proxy_init container, used to configure iptables. - image: proxyv2 - # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. - # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. - forceApplyIptables: false - - # configure remote pilot and istiod service and endpoint - remotePilotAddress: "" - - ############################################################################################## - # The following values are found in other charts. To effectively modify these values, make # - # make sure they are consistent across your Istio helm charts # - ############################################################################################## - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - # If not set explicitly, default to the Istio discovery address. - caAddress: "" - - # Enable control of remote clusters. - externalIstiod: false - - # Configure a remote cluster as the config cluster for an external istiod. - configCluster: false - - # configValidation enables the validation webhook for Istio configuration. - configValidation: true - - # Mesh ID means Mesh Identifier. It should be unique within the scope where - # meshes will interact with each other, but it is not required to be - # globally/universally unique. For example, if any of the following are true, - # then two meshes must have different Mesh IDs: - # - Meshes will have their telemetry aggregated in one place - # - Meshes will be federated together - # - Policy will be written referencing one mesh from the other - # - # If an administrator expects that any of these conditions may become true in - # the future, they should ensure their meshes have different Mesh IDs - # assigned. - # - # Within a multicluster mesh, each cluster must be (manually or auto) - # configured to have the same Mesh ID value. If an existing cluster 'joins' a - # multicluster mesh, it will need to be migrated to the new mesh ID. Details - # of migration TBD, and it may be a disruptive operation to change the Mesh - # ID post-install. - # - # If the mesh admin does not specify a value, Istio will use the value of the - # mesh's Trust Domain. The best practice is to select a proper Trust Domain - # value. - meshID: "" - - # Configure the mesh networks to be used by the Split Horizon EDS. - # - # The following example defines two networks with different endpoints association methods. - # For `network1` all endpoints that their IP belongs to the provided CIDR range will be - # mapped to network1. The gateway for this network example is specified by its public IP - # address and port. - # The second network, `network2`, in this example is defined differently with all endpoints - # retrieved through the specified Multi-Cluster registry being mapped to network2. The - # gateway is also defined differently with the name of the gateway service on the remote - # cluster. The public IP for the gateway will be determined from that remote service (only - # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, - # it still need to be configured manually). - # - # meshNetworks: - # network1: - # endpoints: - # - fromCidr: "192.168.0.1/24" - # gateways: - # - address: 1.1.1.1 - # port: 80 - # network2: - # endpoints: - # - fromRegistry: reg1 - # gateways: - # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local - # port: 443 - # - meshNetworks: {} - - # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. - mountMtlsCerts: false - - multiCluster: - # Set to true to connect two kubernetes clusters via their respective - # ingressgateway services when pods in each cluster cannot directly - # talk to one another. All clusters should be using Istio mTLS and must - # have a shared root CA for this model to work. - enabled: false - # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection - # to properly label proxies - clusterName: "" - - # Network defines the network this cluster belong to. This name - # corresponds to the networks in the map of mesh networks. - network: "" - - # Configure the certificate provider for control plane communication. - # Currently, two providers are supported: "kubernetes" and "istiod". - # As some platforms may not have kubernetes signing APIs, - # Istiod is the default - pilotCertProvider: istiod - - sds: - # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. - # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the - # JWT is intended for the CA. - token: - aud: istio-ca - - sts: - # The service port used by Security Token Service (STS) server to handle token exchange requests. - # Setting this port to a non-zero value enables STS server. - servicePort: 0 - - # The name of the CA for workload certificates. - # For example, when caName=GkeWorkloadCertificate, GKE workload certificates - # will be used as the certificates for workloads. - # The default value is "" and when caName="", the CA will be configured by other - # mechanisms (e.g., environmental variable CA_PROVIDER). - caName: "" - - waypoint: - # Resources for the waypoint proxy. - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: "2" - memory: 1Gi - - # If specified, affinity defines the scheduling constraints of waypoint pods. - affinity: {} - - # Topology Spread Constraints for the waypoint proxy. - topologySpreadConstraints: [] - - # Node labels for the waypoint proxy. - nodeSelector: {} - - # Tolerations for the waypoint proxy. - tolerations: [] - - base: - # For istioctl usage to disable istio config crds in base - enableIstioConfigCRDs: true - - # Gateway Settings - gateways: - # Define the security context for the pod. - # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. - # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. - securityContext: {} - - # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it - seccompProfile: {} - - # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. - # For example: - # gatewayClasses: - # istio: - # service: - # spec: - # type: ClusterIP - # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. - gatewayClasses: {} diff --git a/resources/v1.26.8/charts/ztunnel/Chart.yaml b/resources/v1.26.8/charts/ztunnel/Chart.yaml deleted file mode 100644 index 8444a1f3c..000000000 --- a/resources/v1.26.8/charts/ztunnel/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v2 -appVersion: 1.26.8 -description: Helm chart for istio ztunnel components -icon: https://istio.io/latest/favicons/android-192x192.png -keywords: -- istio-ztunnel -- istio -name: ztunnel -sources: -- https://github.com/istio/istio -version: 1.26.8 diff --git a/resources/v1.26.8/charts/ztunnel/README.md b/resources/v1.26.8/charts/ztunnel/README.md deleted file mode 100644 index ffe0b94fe..000000000 --- a/resources/v1.26.8/charts/ztunnel/README.md +++ /dev/null @@ -1,50 +0,0 @@ -# Istio Ztunnel Helm Chart - -This chart installs an Istio ztunnel. - -## Setup Repo Info - -```console -helm repo add istio https://istio-release.storage.googleapis.com/charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart: - -```console -helm install ztunnel istio/ztunnel -``` - -## Uninstalling the Chart - -To uninstall/delete the chart: - -```console -helm delete ztunnel -``` - -## Configuration - -To view support configuration options and documentation, run: - -```console -helm show values istio/ztunnel -``` - -### Profiles - -Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. -These can be set with `--set profile=`. -For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. - -For consistency, the same profiles are used across each chart, even if they do not impact a given chart. - -Explicitly set values have highest priority, then profile settings, then chart defaults. - -As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. -When configuring the chart, you should not include this. -That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-ambient.yaml deleted file mode 100644 index 2805fe46b..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-ambient.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed -meshConfig: - defaultConfig: - proxyMetadata: - ISTIO_META_ENABLE_HBONE: "true" -global: - variant: distroless -pilot: - env: - PILOT_ENABLE_AMBIENT: "true" -cni: - ambient: - enabled: true diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.23.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.23.yaml deleted file mode 100644 index dac910ff5..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.23.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - ENABLE_INBOUND_RETRY_POLICY: "false" - EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false" - PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false" - ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false" - PILOT_UNIFIED_SIDECAR_SCOPE: "false" - -meshConfig: - defaultConfig: - proxyMetadata: - # 1.24 behaviour changes - ENABLE_DEFERRED_STATS_CREATION: "false" - BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false" - -ambient: - # Not present in <1.24, defaults to `true` in 1.25+ - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.24.yaml deleted file mode 100644 index b211c8266..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.24.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -pilot: - env: - # 1.24 behavioral changes - PILOT_ENABLE_IP_AUTOALLOCATE: "false" -ambient: - dnsCapture: false - reconcileIptablesOnStartup: false - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.25.yaml deleted file mode 100644 index eb8827cd5..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-compatibility-version-1.25.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -ambient: - # 1.26 behavioral changes - shareHostNetworkNamespace: true diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-demo.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-demo.yaml deleted file mode 100644 index d6dc36dd0..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-demo.yaml +++ /dev/null @@ -1,94 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The demo profile enables a variety of things to try out Istio in non-production environments. -# * Lower resource utilization. -# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. -# * More ports enabled on the ingress, which is used in some tasks. -meshConfig: - accessLogFile: /dev/stdout - extensionProviders: - - name: otel - envoyOtelAls: - service: opentelemetry-collector.observability.svc.cluster.local - port: 4317 - - name: skywalking - skywalking: - service: tracing.istio-system.svc.cluster.local - port: 11800 - - name: otel-tracing - opentelemetry: - port: 4317 - service: opentelemetry-collector.observability.svc.cluster.local - - name: jaeger - opentelemetry: - port: 4317 - service: jaeger-collector.istio-system.svc.cluster.local - -cni: - resources: - requests: - cpu: 10m - memory: 40Mi - -ztunnel: - resources: - requests: - cpu: 10m - memory: 40Mi - -global: - proxy: - resources: - requests: - cpu: 10m - memory: 40Mi - waypoint: - resources: - requests: - cpu: 10m - memory: 40Mi - -pilot: - autoscaleEnabled: false - traceSampling: 100 - resources: - requests: - cpu: 10m - memory: 100Mi - -gateways: - istio-egressgateway: - autoscaleEnabled: false - resources: - requests: - cpu: 10m - memory: 40Mi - istio-ingressgateway: - autoscaleEnabled: false - ports: - ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. - # Note that AWS ELB will by default perform health checks on the first port - # on this list. Setting this to the health check port will ensure that health - # checks always work. https://github.com/istio/istio/issues/12503 - - port: 15021 - targetPort: 15021 - name: status-port - - port: 80 - targetPort: 8080 - name: http2 - - port: 443 - targetPort: 8443 - name: https - - port: 31400 - targetPort: 31400 - name: tcp - # This is the port where sni routing happens - - port: 15443 - targetPort: 15443 - name: tls - resources: - requests: - cpu: 10m - memory: 40Mi \ No newline at end of file diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-platform-gke.yaml deleted file mode 100644 index dfe8a7d74..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-platform-gke.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work - resourceQuotas: - enabled: true -resourceQuotas: - enabled: true diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-platform-k3d.yaml deleted file mode 100644 index cd86d9ec5..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-platform-k3d.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /bin diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-platform-k3s.yaml deleted file mode 100644 index 07820106d..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-platform-k3s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d - cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-platform-microk8s.yaml deleted file mode 100644 index 57d7f5e3c..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-platform-microk8s.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniConfDir: /var/snap/microk8s/current/args/cni-network - cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-platform-minikube.yaml deleted file mode 100644 index fa9992e20..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-platform-minikube.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -cni: - cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-platform-openshift.yaml deleted file mode 100644 index 8ddc5e165..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-platform-openshift.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The OpenShift profile provides a basic set of settings to run Istio on OpenShift -cni: - cniBinDir: /var/lib/cni/bin - cniConfDir: /etc/cni/multus/net.d - chained: false - cniConfFileName: "istio-cni.conf" - provider: "multus" -pilot: - cni: - enabled: true - provider: "multus" -seLinuxOptions: - type: spc_t -# Openshift requires privileged pods to run in kube-system -trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-preview.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-preview.yaml deleted file mode 100644 index 181d7bda2..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-preview.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -meshConfig: - defaultConfig: - proxyMetadata: - # Enable Istio agent to handle DNS requests for known hosts - # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf - ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-remote.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-remote.yaml deleted file mode 100644 index d17b9a801..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-remote.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. -istiodRemote: - enabled: true -configMap: false -telemetry: - enabled: false -global: - # TODO BML maybe a different profile for a configcluster/revisit this - omitSidecarInjectorConfigMap: true diff --git a/resources/v1.26.8/charts/ztunnel/files/profile-stable.yaml b/resources/v1.26.8/charts/ztunnel/files/profile-stable.yaml deleted file mode 100644 index 358282e69..000000000 --- a/resources/v1.26.8/charts/ztunnel/files/profile-stable.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# WARNING: DO NOT EDIT, THIS FILE IS A COPY. -# The original version of this file is located at /manifests/helm-profiles directory. -# If you want to make a change in this file, edit the original one and run "make gen". - -# The stable profile deploys admission control to ensure that only stable resources and fields are used -# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE -experimental: - stableValidationPolicy: true diff --git a/resources/v1.26.8/charts/ztunnel/templates/NOTES.txt b/resources/v1.26.8/charts/ztunnel/templates/NOTES.txt deleted file mode 100644 index 244f59db0..000000000 --- a/resources/v1.26.8/charts/ztunnel/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -ztunnel successfully installed! - -To learn more about the release, try: - $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} - $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.26.8/charts/ztunnel/templates/_helpers.tpl b/resources/v1.26.8/charts/ztunnel/templates/_helpers.tpl deleted file mode 100644 index 46a7a0b79..000000000 --- a/resources/v1.26.8/charts/ztunnel/templates/_helpers.tpl +++ /dev/null @@ -1 +0,0 @@ -{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.26.8/charts/ztunnel/templates/daemonset.yaml b/resources/v1.26.8/charts/ztunnel/templates/daemonset.yaml deleted file mode 100644 index 720970c97..000000000 --- a/resources/v1.26.8/charts/ztunnel/templates/daemonset.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - app: ztunnel - template: - metadata: - labels: - sidecar.istio.io/inject: "false" - istio.io/dataplane-mode: none - app: ztunnel - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 8}} -{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} - annotations: - sidecar.istio.io/inject: "false" -{{- if .Values.revision }} - istio.io/rev: {{ .Values.revision }} -{{- end }} -{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} - spec: - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | trim | indent 8 }} -{{- end }} - serviceAccountName: {{ include "ztunnel.release-name" . }} - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - containers: - - name: istio-proxy -{{- if contains "/" .Values.image }} - image: "{{ .Values.image }}" -{{- else }} - image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" -{{- end }} - ports: - - containerPort: 15020 - name: ztunnel-stats - protocol: TCP - resources: -{{- if .Values.resources }} -{{ toYaml .Values.resources | trim | indent 10 }} -{{- end }} -{{- with .Values.imagePullPolicy }} - imagePullPolicy: {{ . }} -{{- end }} - securityContext: - # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true - # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 - allowPrivilegeEscalation: true - privileged: false - capabilities: - drop: - - ALL - add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html - - NET_ADMIN # Required for TPROXY and setsockopt - - SYS_ADMIN # Required for `setns` - doing things in other netns - - NET_RAW # Required for RAW/PACKET sockets, TPROXY - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsNonRoot: false - runAsUser: 0 -{{- if .Values.seLinuxOptions }} - seLinuxOptions: -{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} -{{- end }} - readinessProbe: - httpGet: - port: 15021 - path: /healthz/ready - args: - - proxy - - ztunnel - env: - - name: CA_ADDRESS - {{- if .Values.caAddress }} - value: {{ .Values.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - - name: XDS_ADDRESS - {{- if .Values.xdsAddress }} - value: {{ .Values.xdsAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 - {{- end }} - {{- if .Values.logAsJson }} - - name: LOG_FORMAT - value: json - {{- end}} - - name: RUST_LOG - value: {{ .Values.logLevel | quote }} - - name: RUST_BACKTRACE - value: "1" - - name: ISTIO_META_CLUSTER_ID - value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} - - name: INPOD_ENABLED - value: "true" - - name: TERMINATION_GRACE_PERIOD_SECONDS - value: "{{ .Values.terminationGracePeriodSeconds }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} - {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- with .Values.env }} - {{- range $key, $val := . }} - - name: {{ $key }} - value: "{{ $val }}" - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - - mountPath: /var/run/ztunnel - name: cni-ztunnel-sock-dir - - mountPath: /tmp - name: tmp - {{- with .Values.volumeMounts }} - {{- toYaml . | nindent 8 }} - {{- end }} - priorityClassName: system-node-critical - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - volumes: - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: istio-ca - - name: istiod-ca-cert - {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} - projected: - sources: - - clusterTrustBundle: - name: istio.io:istiod-ca:root-cert - path: root-cert.pem - {{- else }} - configMap: - name: istio-ca-root-cert - {{- end }} - - name: cni-ztunnel-sock-dir - hostPath: - path: /var/run/ztunnel - type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. - # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one - - name: tmp - emptyDir: {} - {{- with .Values.volumes }} - {{- toYaml . | nindent 6}} - {{- end }} diff --git a/resources/v1.26.8/charts/ztunnel/templates/rbac.yaml b/resources/v1.26.8/charts/ztunnel/templates/rbac.yaml deleted file mode 100644 index 0a8138c9a..000000000 --- a/resources/v1.26.8/charts/ztunnel/templates/rbac.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount - {{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- range . }} - - name: {{ . }} - {{- end }} - {{- end }} -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} ---- -{{- if (eq (.Values.platform | default "") "openshift") }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -rules: -- apiGroups: ["security.openshift.io"] - resources: ["securitycontextconstraints"] - resourceNames: ["privileged"] - verbs: ["use"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "ztunnel.release-name" . }} - labels: - app: ztunnel - release: {{ include "ztunnel.release-name" . }} - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - annotations: -{{- if .Values.revision }} - {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} - {{- toYaml $annos | nindent 4}} -{{- else }} - {{- .Values.annotations | toYaml | nindent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "ztunnel.release-name" . }} -subjects: -- kind: ServiceAccount - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- diff --git a/resources/v1.26.8/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.26.8/charts/ztunnel/templates/resourcequota.yaml deleted file mode 100644 index a1c0e5496..000000000 --- a/resources/v1.26.8/charts/ztunnel/templates/resourcequota.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.resourceQuotas.enabled }} -apiVersion: v1 -kind: ResourceQuota -metadata: - name: {{ include "ztunnel.release-name" . }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ztunnel - {{- include "istio.labels" . | nindent 4}} - {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} -spec: - hard: - pods: {{ .Values.resourceQuotas.pods | quote }} - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical -{{- end }} diff --git a/resources/v1.26.8/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.26.8/charts/ztunnel/templates/zzz_profile.yaml deleted file mode 100644 index 606c55669..000000000 --- a/resources/v1.26.8/charts/ztunnel/templates/zzz_profile.yaml +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. -The original version of this file is located at /manifests directory. -If you want to make a change in this file, edit the original one and run "make gen". - -Complex logic ahead... -We have three sets of values, in order of precedence (last wins): -1. The builtin values.yaml defaults -2. The profile the user selects -3. Users input (-f or --set) - -Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). - -However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). -We can then merge the profile onto the defaults, then the user settings onto that. -Finally, we can set all of that under .Values so the chart behaves without awareness. -*/}} -{{- if $.Values.defaults}} -{{ fail (cat - "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" - ($.Values.defaults | toYaml |nindent 4) -) }} -{{- end }} -{{- $defaults := $.Values._internal_defaults_do_not_set }} -{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} -{{- $profile := dict }} -{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} -{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} -{{- $profile = (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown profile" .) }} -{{- end }} -{{- end }} -{{- with .Values.compatibilityVersion }} -{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} -{{- end }} -{{- end }} -{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} -{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} -{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} -{{- else }} -{{ fail (cat "unknown platform" .) }} -{{- end }} -{{- end }} -{{- if $profile }} -{{- $a := mustMergeOverwrite $defaults $profile }} -{{- end }} -# Flatten globals, if defined on a per-chart basis -{{- if true }} -{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} -{{- end }} -{{- $x := set $.Values "_original" (deepCopy $.Values) }} -{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} - -{{/* -Labels that should be applied to ALL resources. -*/}} -{{- define "istio.labels" -}} -{{- if .Release.Service -}} -app.kubernetes.io/managed-by: {{ .Release.Service | quote }} -{{- end }} -{{- if .Release.Name }} -app.kubernetes.io/instance: {{ .Release.Name | quote }} -{{- end }} -app.kubernetes.io/part-of: "istio" -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if and .Chart.Name .Chart.Version }} -helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end -}} diff --git a/resources/v1.26.8/charts/ztunnel/values.yaml b/resources/v1.26.8/charts/ztunnel/values.yaml deleted file mode 100644 index b7d48221b..000000000 --- a/resources/v1.26.8/charts/ztunnel/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. -# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. -_internal_defaults_do_not_set: - # Hub to pull from. Image will be `Hub/Image:Tag-Variant` - hub: gcr.io/istio-release - # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.26.8 - # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. - variant: "" - - # Image name to pull from. Image will be `Hub/Image:Tag-Variant` - # If Image contains a "/", it will replace the entire `image` in the pod. - image: ztunnel - - # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. - # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. - resourceName: "" - - # Labels to apply to all top level resources - labels: {} - # Annotations to apply to all top level resources - annotations: {} - - # Additional volumeMounts to the ztunnel container - volumeMounts: [] - - # Additional volumes to the ztunnel pod - volumes: [] - - # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). - podAnnotations: - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - - # Additional labels to apply on the pod level - podLabels: {} - - # Pod resource configuration - resources: - requests: - cpu: 200m - # Ztunnel memory scales with the size of the cluster and traffic load - # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. - memory: 512Mi - - resourceQuotas: - enabled: false - pods: 5000 - - # List of secret names to add to the service account as image pull secrets - imagePullSecrets: [] - - # A `key: value` mapping of environment variables to add to the pod - env: {} - - # Override for the pod imagePullPolicy - imagePullPolicy: "" - - # Settings for multicluster - multiCluster: - # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent - # with Istiod configuration. - clusterName: "" - - # meshConfig defines runtime configuration of components. - # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other - # components. - # TODO: https://github.com/istio/istio/issues/43248 - meshConfig: - defaultConfig: - proxyMetadata: {} - - # This value defines: - # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) - # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) - # Default K8S value is 30 seconds - terminationGracePeriodSeconds: 30 - - # Revision is set as 'version' label and part of the resource names when installing multiple control planes. - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. - revision: "" - - # The customized CA address to retrieve certificates for the pods in the cluster. - # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. - caAddress: "" - - # The customized XDS address to retrieve configuration. - # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. - # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 - xdsAddress: "" - - # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. - istioNamespace: istio-system - - # Configuration log level of ztunnel binary, default is info. - # Valid values are: trace, debug, info, warn, error - logLevel: info - - # To output all logs in json format - logAsJson: false - - # Set to `type: RuntimeDefault` to use the default profile if available. - seLinuxOptions: {} - # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead - #seLinuxOptions: - # type: spc_t - - # K8s DaemonSet update strategy. - # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 diff --git a/resources/v1.26.8/cni-1.26.8.tgz.etag b/resources/v1.26.8/cni-1.26.8.tgz.etag deleted file mode 100644 index 9e9542ccb..000000000 --- a/resources/v1.26.8/cni-1.26.8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4f0e5df564a4e3e0ebd9b094af046a47 diff --git a/resources/v1.26.8/commit b/resources/v1.26.8/commit deleted file mode 100644 index 25691b4f1..000000000 --- a/resources/v1.26.8/commit +++ /dev/null @@ -1 +0,0 @@ -1.26.8 diff --git a/resources/v1.26.8/gateway-1.26.8.tgz.etag b/resources/v1.26.8/gateway-1.26.8.tgz.etag deleted file mode 100644 index 56ec8b402..000000000 --- a/resources/v1.26.8/gateway-1.26.8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -26503fe446c046b925d1750b9f1d5da7 diff --git a/resources/v1.26.8/istiod-1.26.8.tgz.etag b/resources/v1.26.8/istiod-1.26.8.tgz.etag deleted file mode 100644 index cd00b5e2f..000000000 --- a/resources/v1.26.8/istiod-1.26.8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -173492670e53f85ae86476f0d73e0094 diff --git a/resources/v1.26.8/profiles/ambient.yaml b/resources/v1.26.8/profiles/ambient.yaml deleted file mode 100644 index 71ea784a8..000000000 --- a/resources/v1.26.8/profiles/ambient.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient diff --git a/resources/v1.26.8/profiles/default.yaml b/resources/v1.26.8/profiles/default.yaml deleted file mode 100644 index 8f1ef1967..000000000 --- a/resources/v1.26.8/profiles/default.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - # Most default values come from the helm chart's values.yaml - # Below are the things that differ - values: - defaultRevision: "" - global: - istioNamespace: istio-system - configValidation: true - ztunnel: - resourceName: ztunnel diff --git a/resources/v1.26.8/profiles/demo.yaml b/resources/v1.26.8/profiles/demo.yaml deleted file mode 100644 index 53c4b4163..000000000 --- a/resources/v1.26.8/profiles/demo.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: demo diff --git a/resources/v1.26.8/profiles/empty.yaml b/resources/v1.26.8/profiles/empty.yaml deleted file mode 100644 index 4477cb1fe..000000000 --- a/resources/v1.26.8/profiles/empty.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# The empty profile has everything disabled -# This is useful as a base for custom user configuration -apiVersion: sailoperator.io/v1 -kind: Istio -spec: {} diff --git a/resources/v1.26.8/profiles/openshift-ambient.yaml b/resources/v1.26.8/profiles/openshift-ambient.yaml deleted file mode 100644 index 76edf00cd..000000000 --- a/resources/v1.26.8/profiles/openshift-ambient.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: ambient - global: - platform: openshift diff --git a/resources/v1.26.8/profiles/openshift.yaml b/resources/v1.26.8/profiles/openshift.yaml deleted file mode 100644 index 41492660f..000000000 --- a/resources/v1.26.8/profiles/openshift.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - global: - platform: openshift diff --git a/resources/v1.26.8/profiles/preview.yaml b/resources/v1.26.8/profiles/preview.yaml deleted file mode 100644 index 59d545c84..000000000 --- a/resources/v1.26.8/profiles/preview.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The preview profile contains features that are experimental. -# This is intended to explore new features coming to Istio. -# Stability, security, and performance are not guaranteed - use at your own risk. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: preview diff --git a/resources/v1.26.8/profiles/remote.yaml b/resources/v1.26.8/profiles/remote.yaml deleted file mode 100644 index 54c65c8ba..000000000 --- a/resources/v1.26.8/profiles/remote.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The remote profile is used to configure a mesh cluster without a locally deployed control plane. -# Only the injector mutating webhook configuration is installed. -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: remote diff --git a/resources/v1.26.8/profiles/stable.yaml b/resources/v1.26.8/profiles/stable.yaml deleted file mode 100644 index 285feba24..000000000 --- a/resources/v1.26.8/profiles/stable.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: sailoperator.io/v1 -kind: Istio -spec: - values: - profile: stable diff --git a/resources/v1.26.8/ztunnel-1.26.8.tgz.etag b/resources/v1.26.8/ztunnel-1.26.8.tgz.etag deleted file mode 100644 index 484cf76f2..000000000 --- a/resources/v1.26.8/ztunnel-1.26.8.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -404d5645a1b5b6129e12f5dbb84f1773 From 555c5ac89b2835b7ed22b519f26a1544831fa337 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Thu, 22 Jan 2026 04:13:29 -0500 Subject: [PATCH 09/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1530) Signed-off-by: openshift-service-mesh-bot --- Makefile.core.mk | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/values_types.gen.go | 9 ++++-- api/v1/ztunnel_types.go | 6 ++-- api/v1/zz_generated.deepcopy.go | 5 ++++ api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 10 +++++-- bundle/manifests/sailoperator.io_istios.yaml | 10 +++++-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 10 +++++-- chart/crds/sailoperator.io_istios.yaml | 10 +++++-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/README.adoc | 8 +++--- docs/addons/addons.adoc | 8 +++--- docs/addons/observability.adoc | 8 +++--- docs/api-reference/sailoperator.io.md | 11 ++++---- .../common/create-and-configure-gateways.adoc | 8 +++--- docs/common/istio-ambient-mode.adoc | 8 +++--- docs/common/istio-ambient-waypoint.adoc | 8 +++--- docs/common/istio-nftables.adoc | 8 +++--- docs/deployment-models/consolidating-cp.adoc | 8 +++--- docs/deployment-models/multicluster.adoc | 8 +++--- docs/deployment-models/multiple-mesh.adoc | 8 +++--- docs/dual-stack/dual-stack.adoc | 8 +++--- docs/general/getting-started.adoc | 8 +++--- docs/general/istiod-ha.adoc | 8 +++--- docs/general/plugin-ca.adoc | 8 +++--- docs/guidelines/guidelines.adoc | 16 +++++------ docs/update-strategy/update-strategy.adoc | 8 +++--- go.mod | 6 ++-- go.sum | 12 ++++---- pkg/istioversion/versions.yaml | 18 ++++++------ ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 + resources/v1.30-alpha.702493a1/commit | 1 + ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 + ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 + ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 - ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 - resources/v1.30-alpha.941c7435/commit | 1 - ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 - ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 - ...5d35fdebdea431237a8dc966bd0bbdd64.tgz.etag | 1 - 240 files changed, 204 insertions(+), 169 deletions(-) create mode 100644 resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/README.md (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/charts/ztunnel/values.yaml (98%) create mode 100644 resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag create mode 100644 resources/v1.30-alpha.702493a1/commit create mode 100644 resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag create mode 100644 resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.941c7435 => v1.30-alpha.702493a1}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag delete mode 100644 resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag delete mode 100644 resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag delete mode 100644 resources/v1.30-alpha.941c7435/commit delete mode 100644 resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag delete mode 100644 resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag delete mode 100644 resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag diff --git a/Makefile.core.mk b/Makefile.core.mk index 5e7fce701..43204262c 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -568,7 +568,7 @@ MISSPELL ?= $(LOCALBIN)/misspell ## Tool Versions OPERATOR_SDK_VERSION ?= v1.42.0 -HELM_VERSION ?= v3.19.5 +HELM_VERSION ?= v3.20.0 CONTROLLER_TOOLS_VERSION ?= v0.20.0 CONTROLLER_RUNTIME_BRANCH ?= release-0.23 OPM_VERSION ?= v1.61.0 diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index d7addb3ac..d4c9c0439 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.941c7435 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.702493a1 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 545621811..75f5a324b 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.941c7435 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.702493a1 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 0a763d52d..60d6ee64d 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.941c7435 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.702493a1 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/values_types.gen.go b/api/v1/values_types.gen.go index cf391b358..f9ae09ed1 100644 --- a/api/v1/values_types.gen.go +++ b/api/v1/values_types.gen.go @@ -4065,6 +4065,10 @@ type MeshConfigProxyConfig struct { // Defaults to 64. // Optional. FileFlushMinSizeKb *uint32 `json:"fileFlushMinSizeKb,omitempty"` + // Offer HTTP compression for stats + // Defaults to false. + // Optional. + StatsCompression *bool `json:"statsCompression,omitempty"` } type RemoteService struct { @@ -4410,7 +4414,7 @@ const fileMeshV1alpha1ProxyProtoRawDesc = "" + "poll_delay\x18\x01 \x01(\v2\x19.google.protobuf.DurationR\tpollDelay\x126\n" + "\bfallback\x18\x02 \x01(\v2\x1a.google.protobuf.BoolValueR\bfallbackB\n" + "\n" + - "\bprovider\"\xa2'\n" + + "\bprovider\"\xeb'\n" + "\vProxyConfig\x12\x1f\n" + "\vconfig_path\x18\x01 \x01(\tR\n" + "configPath\x12\x1f\n" + @@ -4453,7 +4457,8 @@ const fileMeshV1alpha1ProxyProtoRawDesc = "" + "\x14private_key_provider\x18& \x01(\v2'.istio.mesh.v1alpha1.PrivateKeyProviderR\x12privateKeyProvider\x12R\n" + "\rproxy_headers\x18' \x01(\v2-.istio.mesh.v1alpha1.ProxyConfig.ProxyHeadersR\fproxyHeaders\x12I\n" + "\x13file_flush_interval\x18( \x01(\v2\x19.google.protobuf.DurationR\x11fileFlushInterval\x122\n" + - "\x16file_flush_min_size_kb\x18) \x01(\rR\x12fileFlushMinSizeKb\x1a@\n" + + "\x16file_flush_min_size_kb\x18) \x01(\rR\x12fileFlushMinSizeKb\x12G\n" + + "\x11stats_compression\x18* \x01(\v2\x1a.google.protobuf.BoolValueR\x10statsCompression\x1a@\n" + "\x12ProxyMetadataEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\x1a@\n" + diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 7956144a9..cd39b9dd4 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.941c7435 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.702493a1 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 6bb0935b9..685cb83cc 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -3281,6 +3281,11 @@ func (in *MeshConfigProxyConfig) DeepCopyInto(out *MeshConfigProxyConfig) { *out = new(uint32) **out = **in } + if in.StatsCompression != nil { + in, out := &in.StatsCompression, &out.StatsCompression + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfigProxyConfig. diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 8a405f0bf..145d75691 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.941c7435 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.702493a1 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 82a83fae5..20d46e512 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-21T15:28:58Z" + createdAt: "2026-01-22T05:11:14Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.941c7435 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_941c7435.cni: gcr.io/istio-testing/install-cni:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 - images.v1_30-alpha_941c7435.istiod: gcr.io/istio-testing/pilot:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 - images.v1_30-alpha_941c7435.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 - images.v1_30-alpha_941c7435.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_702493a1.cni: gcr.io/istio-testing/install-cni:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_702493a1.istiod: gcr.io/istio-testing/pilot:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_702493a1.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_702493a1.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index b891e1dad..aa3176d1b 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index bf3014b80..41ce6df26 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -3817,6 +3817,12 @@ spec: Increase the value of this field if you find that the metrics from Envoys are truncated. format: int32 type: integer + statsCompression: + description: |- + Offer HTTP compression for stats + Defaults to false. + Optional. + type: boolean statsdUdpAddress: description: IP Address and Port of a statsd UDP listener (e.g. `10.75.241.127:9125`). @@ -10116,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. enum: - v1.28.3 - v1.28.2 @@ -10159,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 0c2657e30..341af56b8 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -3890,6 +3890,12 @@ spec: Increase the value of this field if you find that the metrics from Envoys are truncated. format: int32 type: integer + statsCompression: + description: |- + Offer HTTP compression for stats + Defaults to false. + Optional. + type: boolean statsdUdpAddress: description: IP Address and Port of a statsd UDP listener (e.g. `10.75.241.127:9125`). @@ -10190,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -10241,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index fcd40791e..8c4d0acd6 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 272167aaf..2ad617fa7 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 7235069a5..e3f2ea5f7 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -3817,6 +3817,12 @@ spec: Increase the value of this field if you find that the metrics from Envoys are truncated. format: int32 type: integer + statsCompression: + description: |- + Offer HTTP compression for stats + Defaults to false. + Optional. + type: boolean statsdUdpAddress: description: IP Address and Port of a statsd UDP listener (e.g. `10.75.241.127:9125`). @@ -10116,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. enum: - v1.28.3 - v1.28.2 @@ -10159,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 96a23b982..5c0c502b9 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -3890,6 +3890,12 @@ spec: Increase the value of this field if you find that the metrics from Envoys are truncated. format: int32 type: integer + statsCompression: + description: |- + Offer HTTP compression for stats + Defaults to false. + Optional. + type: boolean statsdUdpAddress: description: IP Address and Port of a statsd UDP listener (e.g. `10.75.241.127:9125`). @@ -10190,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -10241,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index c34a355c7..94ecd9d06 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index e5908e4dd..d050213c2 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_941c7435.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 - images.v1_30-alpha_941c7435.istiod: gcr.io/istio-testing/pilot:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 - images.v1_30-alpha_941c7435.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 - images.v1_30-alpha_941c7435.cni: gcr.io/istio-testing/install-cni:1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + images.v1_30-alpha_702493a1.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_702493a1.istiod: gcr.io/istio-testing/pilot:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_702493a1.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_702493a1.cni: gcr.io/istio-testing/install-cni:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.941c7435 + - v1.30-alpha.702493a1 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/README.adoc b/docs/README.adoc index 77708499c..fb5ad1a78 100644 --- a/docs/README.adoc +++ b/docs/README.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../[Return to Project Root] diff --git a/docs/addons/addons.adoc b/docs/addons/addons.adoc index 6116af489..57cef8481 100644 --- a/docs/addons/addons.adoc +++ b/docs/addons/addons.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.adoc[Return to Project Root] diff --git a/docs/addons/observability.adoc b/docs/addons/observability.adoc index 8ff5078be..f3a0e24de 100644 --- a/docs/addons/observability.adoc +++ b/docs/addons/observability.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.adoc[Return to Project Root] diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index a6f5d8879..914afe04d 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.702493a1] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.941c7435. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.702493a1] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.702493a1] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -2071,6 +2071,7 @@ _Appears in:_ | `proxyHeaders` _[ProxyConfigProxyHeaders](#proxyconfigproxyheaders)_ | Define the set of headers to add/modify for HTTP request/responses. To enable an optional header, simply set the field. If no specific configuration is required, an empty object (`\{\}`) will enable it. Note: currently all headers are enabled by default. Below shows an example of customizing the `server` header and disabling the `X-Envoy-Attempt-Count` header: ```yaml proxyHeaders: server: value: "my-custom-server" # Explicitly enable Request IDs. # As this is the default, this has no effect. requestId: \{\} attemptCount: disabled: true ``` # Below shows an example of preserving the header case for HTTP 1.x requests ```yaml proxyHeaders: preserveHttp1HeaderCase: true ``` Some headers are enabled by default, and require explicitly disabling. See below for an example of disabling all default-enabled headers: ```yaml proxyHeaders: forwardedClientCert: SANITIZE server: disabled: true requestId: disabled: true attemptCount: disabled: true envoyDebugHeaders: disabled: true metadataExchangeHeaders: mode: IN_MESH ``` | | | | `fileFlushInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#duration-v1-meta)_ | File flush interval for envoy flushes buffers to disk in milliseconds. The duration needs to be set to a value greater than or equal to 1 millisecond. Default is 1000ms. Optional. | | | | `fileFlushMinSizeKb` _integer_ | File flush buffer size for envoy flushes buffers to disk in kilobytes. Defaults to 64. Optional. | | | +| `statsCompression` _boolean_ | Offer HTTP compression for stats Defaults to false. Optional. | | | #### MeshConfigProxyPathNormalization @@ -3523,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.702493a1] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3689,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.941c7435. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.941c7435] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.702493a1] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/docs/common/create-and-configure-gateways.adoc b/docs/common/create-and-configure-gateways.adoc index 0f204ca8a..99c3800e8 100644 --- a/docs/common/create-and-configure-gateways.adoc +++ b/docs/common/create-and-configure-gateways.adoc @@ -1,9 +1,9 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.adoc[Return to Project Root] diff --git a/docs/common/istio-ambient-mode.adoc b/docs/common/istio-ambient-mode.adoc index ed02bea44..4f1171408 100644 --- a/docs/common/istio-ambient-mode.adoc +++ b/docs/common/istio-ambient-mode.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.adoc[Return to Project Root] diff --git a/docs/common/istio-ambient-waypoint.adoc b/docs/common/istio-ambient-waypoint.adoc index eb5ee6d78..d68348752 100644 --- a/docs/common/istio-ambient-waypoint.adoc +++ b/docs/common/istio-ambient-waypoint.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.adoc[Return to Project Root] diff --git a/docs/common/istio-nftables.adoc b/docs/common/istio-nftables.adoc index c52f341d6..91e9c6298 100644 --- a/docs/common/istio-nftables.adoc +++ b/docs/common/istio-nftables.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.md[Return to Project Root] diff --git a/docs/deployment-models/consolidating-cp.adoc b/docs/deployment-models/consolidating-cp.adoc index 5ece3b158..df1fd6161 100644 --- a/docs/deployment-models/consolidating-cp.adoc +++ b/docs/deployment-models/consolidating-cp.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../../README.adoc[Return to Project Root] diff --git a/docs/deployment-models/multicluster.adoc b/docs/deployment-models/multicluster.adoc index 824cd62a5..8e5f6d6b1 100644 --- a/docs/deployment-models/multicluster.adoc +++ b/docs/deployment-models/multicluster.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.adoc[Return to Project Root] diff --git a/docs/deployment-models/multiple-mesh.adoc b/docs/deployment-models/multiple-mesh.adoc index 8578470b7..84c07433c 100644 --- a/docs/deployment-models/multiple-mesh.adoc +++ b/docs/deployment-models/multiple-mesh.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../../README.adoc[Return to Project Root] diff --git a/docs/dual-stack/dual-stack.adoc b/docs/dual-stack/dual-stack.adoc index 98340bca0..04edcb3c0 100644 --- a/docs/dual-stack/dual-stack.adoc +++ b/docs/dual-stack/dual-stack.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../../README.adoc[Return to Project Root] diff --git a/docs/general/getting-started.adoc b/docs/general/getting-started.adoc index 9a11f468d..acd836e0a 100644 --- a/docs/general/getting-started.adoc +++ b/docs/general/getting-started.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../README.adoc[Return to Project Root] diff --git a/docs/general/istiod-ha.adoc b/docs/general/istiod-ha.adoc index f1fb25c8e..b4acfd3a4 100644 --- a/docs/general/istiod-ha.adoc +++ b/docs/general/istiod-ha.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../../README.adoc[Return to Project Root] diff --git a/docs/general/plugin-ca.adoc b/docs/general/plugin-ca.adoc index 6787463f2..2dc825914 100644 --- a/docs/general/plugin-ca.adoc +++ b/docs/general/plugin-ca.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../../README.adoc[Return to Project Root] diff --git a/docs/guidelines/guidelines.adoc b/docs/guidelines/guidelines.adoc index b300b27aa..7bbe5b6cd 100644 --- a/docs/guidelines/guidelines.adoc +++ b/docs/guidelines/guidelines.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../../README.adoc[Return to Project Root] @@ -97,12 +97,12 @@ Use code blocks for commands or groups of commands that have the same context. * All AsciiDoc files should include variable definitions at the top for GitHub compatibility: ``` // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 ``` Note: that the values of the variables will be automatically updated on each release to keep them in sync with the actual versions. diff --git a/docs/update-strategy/update-strategy.adoc b/docs/update-strategy/update-strategy.adoc index b0909398a..727d2f668 100644 --- a/docs/update-strategy/update-strategy.adoc +++ b/docs/update-strategy/update-strategy.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.2 -:istio_latest_version_revision_format: 1-28-2 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.28.1 -:istio_latest_minus_one_version_revision_format: 1-28-1 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 link:../../README.adoc[Return to Project Root] diff --git a/go.mod b/go.mod index 61e8dda13..ed9e95673 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee - istio.io/istio v0.0.0-20260121003427-941c7435d35f + istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd + istio.io/istio v0.0.0-20260122004028-702493a17f1b k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce // indirect + istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index 973f07812..e6ff1e55e 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce h1:YyqDj8n9L8bZf41Y3Cgw1KH30N/EWdHSj8LK6Fd9ckI= -istio.io/api v1.29.0-alpha.0.0.20260116183115-1e525da7e1ce/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee h1:PP8EpTpawoNm4+yUE/jswC0Ctz92BO1Ap1ZBO93T/6o= -istio.io/client-go v1.29.0-alpha.0.0.20260116183715-e1c544fe5cee/go.mod h1:6b7+7Y2Q561h5uuJ7nTy3cz191ACvRq2FIVqKIQMAzE= -istio.io/istio v0.0.0-20260121003427-941c7435d35f h1:9yje0SwDH8dpvCC1qxUUbljFw9z2hFmAJTTIRGfrW4I= -istio.io/istio v0.0.0-20260121003427-941c7435d35f/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= +istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72 h1:2U4teAcER/xDNIdaiieNUBeeMNLzpThPQuEuFegjUGE= +istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd h1:q1uDf5Vug687vToNAO8rAfQoP94N4CUPew4cZZtOUV0= +istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd/go.mod h1:ZBmwk7ji2+WXbBNjPli//CINU3vnZm7+WN8LWoxTLks= +istio.io/istio v0.0.0-20260122004028-702493a17f1b h1:8YFKyKlbD3qtedtfOvaXmlbZbiWho5ioy89vFwjqrvQ= +istio.io/istio v0.0.0-20260122004028-702493a17f1b/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index bd768859a..b4fca494d 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.941c7435 - - name: v1.30-alpha.941c7435 - version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + ref: v1.30-alpha.702493a1 + - name: v1.30-alpha.702493a1 + version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 repo: https://github.com/istio/istio branch: master - commit: 941c7435d35fdebdea431237a8dc966bd0bbdd64 + commit: 702493a17f1bd255ba32c1910d621822731e5917 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64/helm/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz diff --git a/resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag new file mode 100644 index 000000000..9c700929b --- /dev/null +++ b/resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag @@ -0,0 +1 @@ +3532d2f5628f7b546b49c8269debe071 diff --git a/resources/v1.30-alpha.941c7435/charts/base/Chart.yaml b/resources/v1.30-alpha.702493a1/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.941c7435/charts/base/Chart.yaml rename to resources/v1.30-alpha.702493a1/charts/base/Chart.yaml index 4adcc033b..ba48f782a 100644 --- a/resources/v1.30-alpha.941c7435/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.702493a1/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 diff --git a/resources/v1.30-alpha.941c7435/charts/base/README.md b/resources/v1.30-alpha.702493a1/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/README.md rename to resources/v1.30-alpha.702493a1/charts/base/README.md diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.702493a1/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.702493a1/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.702493a1/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.702493a1/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.702493a1/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.702493a1/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.702493a1/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.702493a1/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/base/values.yaml b/resources/v1.30-alpha.702493a1/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/base/values.yaml rename to resources/v1.30-alpha.702493a1/charts/base/values.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/Chart.yaml b/resources/v1.30-alpha.702493a1/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.941c7435/charts/cni/Chart.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/Chart.yaml index 2f5562424..6ba17cf4c 100644 --- a/resources/v1.30-alpha.941c7435/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.702493a1/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 diff --git a/resources/v1.30-alpha.941c7435/charts/cni/README.md b/resources/v1.30-alpha.702493a1/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/README.md rename to resources/v1.30-alpha.702493a1/charts/cni/README.md diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.702493a1/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.702493a1/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.702493a1/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.702493a1/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.702493a1/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.702493a1/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/cni/values.yaml b/resources/v1.30-alpha.702493a1/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.941c7435/charts/cni/values.yaml rename to resources/v1.30-alpha.702493a1/charts/cni/values.yaml index c8e42469f..1477ae8ff 100644 --- a/resources/v1.30-alpha.941c7435/charts/cni/values.yaml +++ b/resources/v1.30-alpha.702493a1/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/Chart.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.941c7435/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/Chart.yaml index e554f98f6..3de5d0fa7 100644 --- a/resources/v1.30-alpha.941c7435/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.702493a1/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/README.md b/resources/v1.30-alpha.702493a1/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/README.md rename to resources/v1.30-alpha.702493a1/charts/gateway/README.md diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.702493a1/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.702493a1/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/values.schema.json b/resources/v1.30-alpha.702493a1/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/values.schema.json rename to resources/v1.30-alpha.702493a1/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.941c7435/charts/gateway/values.yaml b/resources/v1.30-alpha.702493a1/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/gateway/values.yaml rename to resources/v1.30-alpha.702493a1/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/Chart.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.941c7435/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/Chart.yaml index d3f876b0b..db8d2798f 100644 --- a/resources/v1.30-alpha.941c7435/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.702493a1/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/README.md b/resources/v1.30-alpha.702493a1/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/README.md rename to resources/v1.30-alpha.702493a1/charts/istiod/README.md diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.702493a1/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.702493a1/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/istiod/values.yaml b/resources/v1.30-alpha.702493a1/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.941c7435/charts/istiod/values.yaml rename to resources/v1.30-alpha.702493a1/charts/istiod/values.yaml index dadead189..9c6350e56 100644 --- a/resources/v1.30-alpha.941c7435/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.702493a1/charts/istiod/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/Chart.yaml index 3af797f80..2ec6743de 100644 --- a/resources/v1.30-alpha.941c7435/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.702493a1/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/revisiontags/values.yaml b/resources/v1.30-alpha.702493a1/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.941c7435/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.702493a1/charts/revisiontags/values.yaml index dadead189..9c6350e56 100644 --- a/resources/v1.30-alpha.941c7435/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.702493a1/charts/revisiontags/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/Chart.yaml index 1346e3afb..92fdf00c7 100644 --- a/resources/v1.30-alpha.941c7435/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.702493a1/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 +version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/README.md b/resources/v1.30-alpha.702493a1/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/README.md rename to resources/v1.30-alpha.702493a1/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.941c7435/charts/ztunnel/values.yaml b/resources/v1.30-alpha.702493a1/charts/ztunnel/values.yaml similarity index 98% rename from resources/v1.30-alpha.941c7435/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.702493a1/charts/ztunnel/values.yaml index 70c5dc052..7112727e1 100644 --- a/resources/v1.30-alpha.941c7435/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.702493a1/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64 + tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag new file mode 100644 index 000000000..163e42536 --- /dev/null +++ b/resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag @@ -0,0 +1 @@ +24430fac5167adae02b3640a4c947b14 diff --git a/resources/v1.30-alpha.702493a1/commit b/resources/v1.30-alpha.702493a1/commit new file mode 100644 index 000000000..9251dad2a --- /dev/null +++ b/resources/v1.30-alpha.702493a1/commit @@ -0,0 +1 @@ +702493a17f1bd255ba32c1910d621822731e5917 diff --git a/resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag new file mode 100644 index 000000000..9e02649d1 --- /dev/null +++ b/resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag @@ -0,0 +1 @@ +90a22953dcb76ac848cc3c05d126a069 diff --git a/resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag new file mode 100644 index 000000000..1a9cee356 --- /dev/null +++ b/resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag @@ -0,0 +1 @@ +57f5b98c5cb0119b2f7dab9d4821f5ca diff --git a/resources/v1.30-alpha.941c7435/profiles/ambient.yaml b/resources/v1.30-alpha.702493a1/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/ambient.yaml rename to resources/v1.30-alpha.702493a1/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/default.yaml b/resources/v1.30-alpha.702493a1/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/default.yaml rename to resources/v1.30-alpha.702493a1/profiles/default.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/demo.yaml b/resources/v1.30-alpha.702493a1/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/demo.yaml rename to resources/v1.30-alpha.702493a1/profiles/demo.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/empty.yaml b/resources/v1.30-alpha.702493a1/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/empty.yaml rename to resources/v1.30-alpha.702493a1/profiles/empty.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.702493a1/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.702493a1/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/openshift.yaml b/resources/v1.30-alpha.702493a1/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/openshift.yaml rename to resources/v1.30-alpha.702493a1/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/preview.yaml b/resources/v1.30-alpha.702493a1/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/preview.yaml rename to resources/v1.30-alpha.702493a1/profiles/preview.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/remote.yaml b/resources/v1.30-alpha.702493a1/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/remote.yaml rename to resources/v1.30-alpha.702493a1/profiles/remote.yaml diff --git a/resources/v1.30-alpha.941c7435/profiles/stable.yaml b/resources/v1.30-alpha.702493a1/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.941c7435/profiles/stable.yaml rename to resources/v1.30-alpha.702493a1/profiles/stable.yaml diff --git a/resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag new file mode 100644 index 000000000..038e10fc1 --- /dev/null +++ b/resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag @@ -0,0 +1 @@ +5db03d05b33dd86a4511125ab2430c7f diff --git a/resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag deleted file mode 100644 index 384d307b2..000000000 --- a/resources/v1.30-alpha.941c7435/base-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ef28ce92284285af18772f29ced1cbb6 diff --git a/resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag deleted file mode 100644 index 193de9d78..000000000 --- a/resources/v1.30-alpha.941c7435/cni-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -061525c2e2bc82573153bc98b79a1797 diff --git a/resources/v1.30-alpha.941c7435/commit b/resources/v1.30-alpha.941c7435/commit deleted file mode 100644 index efbc2ee05..000000000 --- a/resources/v1.30-alpha.941c7435/commit +++ /dev/null @@ -1 +0,0 @@ -941c7435d35fdebdea431237a8dc966bd0bbdd64 diff --git a/resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag deleted file mode 100644 index 16001cf45..000000000 --- a/resources/v1.30-alpha.941c7435/gateway-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -9a7f97b56bf2d837b5831d999c79c060 diff --git a/resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag deleted file mode 100644 index 513224177..000000000 --- a/resources/v1.30-alpha.941c7435/istiod-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -284c1d538fe95d0e2f8a64868ad1d2f3 diff --git a/resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag b/resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag deleted file mode 100644 index f6bb4ab35..000000000 --- a/resources/v1.30-alpha.941c7435/ztunnel-1.30-alpha.941c7435d35fdebdea431237a8dc966bd0bbdd64.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -bca30c2e5b68342659d2f846d1b4968a From f9d93a6a6ecd26e2b1a7b96b35892d17294e4f50 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Fri, 23 Jan 2026 03:49:30 -0500 Subject: [PATCH 10/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1534) Signed-off-by: openshift-service-mesh-bot --- Makefile.core.mk | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 - ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 - resources/v1.30-alpha.702493a1/commit | 1 - ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 - ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 - ...17f1bd255ba32c1910d621822731e5917.tgz.etag | 1 - ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 + resources/v1.30-alpha.eab5fb06/commit | 1 + ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 + ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 + 222 files changed, 93 insertions(+), 93 deletions(-) delete mode 100644 resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag delete mode 100644 resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag delete mode 100644 resources/v1.30-alpha.702493a1/commit delete mode 100644 resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag delete mode 100644 resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag delete mode 100644 resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag create mode 100644 resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/README.md (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/charts/ztunnel/values.yaml (98%) create mode 100644 resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag create mode 100644 resources/v1.30-alpha.eab5fb06/commit create mode 100644 resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag create mode 100644 resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.702493a1 => v1.30-alpha.eab5fb06}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag diff --git a/Makefile.core.mk b/Makefile.core.mk index 43204262c..2d7eb7919 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -571,7 +571,7 @@ OPERATOR_SDK_VERSION ?= v1.42.0 HELM_VERSION ?= v3.20.0 CONTROLLER_TOOLS_VERSION ?= v0.20.0 CONTROLLER_RUNTIME_BRANCH ?= release-0.23 -OPM_VERSION ?= v1.61.0 +OPM_VERSION ?= v1.62.0 OLM_VERSION ?= v0.38.0 GITLEAKS_VERSION ?= v8.30.0 ISTIOCTL_VERSION ?= 1.26.2 diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index d4c9c0439..d2cea97d2 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.702493a1 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eab5fb06 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 75f5a324b..9819d8a42 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.702493a1 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eab5fb06 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 60d6ee64d..8fc69e720 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.702493a1 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.eab5fb06 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index cd39b9dd4..1023f7769 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.702493a1 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eab5fb06 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 145d75691..91449b58f 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.702493a1 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eab5fb06 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 20d46e512..a0ae05982 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-22T05:11:14Z" + createdAt: "2026-01-23T05:09:58Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.702493a1 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_702493a1.cni: gcr.io/istio-testing/install-cni:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 - images.v1_30-alpha_702493a1.istiod: gcr.io/istio-testing/pilot:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 - images.v1_30-alpha_702493a1.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 - images.v1_30-alpha_702493a1.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_eab5fb06.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_eab5fb06.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_eab5fb06.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_eab5fb06.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index aa3176d1b..0a8bb4a3c 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 41ce6df26..aeb828780 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 341af56b8..8d536c23f 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 8c4d0acd6..56072fa22 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 2ad617fa7..36cdc3459 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index e3f2ea5f7..b4093c9dc 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 5c0c502b9..39a03bf33 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 94ecd9d06..7d2bccfa8 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index d050213c2..2267797e7 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_702493a1.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 - images.v1_30-alpha_702493a1.istiod: gcr.io/istio-testing/pilot:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 - images.v1_30-alpha_702493a1.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 - images.v1_30-alpha_702493a1.cni: gcr.io/istio-testing/install-cni:1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + images.v1_30-alpha_eab5fb06.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_eab5fb06.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_eab5fb06.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_eab5fb06.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.702493a1 + - v1.30-alpha.eab5fb06 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 914afe04d..de51de2e6 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.702493a1] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eab5fb06] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.702493a1. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.702493a1] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.eab5fb06] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.702493a1] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eab5fb06] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.702493a1] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eab5fb06] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.702493a1. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.702493a1] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eab5fb06] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index ed9e95673..a988c0cca 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd - istio.io/istio v0.0.0-20260122004028-702493a17f1b + istio.io/istio v0.0.0-20260123024029-eab5fb068645 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index e6ff1e55e..40c513413 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72 h1:2U4teAcER/xDNIdaii istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd h1:q1uDf5Vug687vToNAO8rAfQoP94N4CUPew4cZZtOUV0= istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd/go.mod h1:ZBmwk7ji2+WXbBNjPli//CINU3vnZm7+WN8LWoxTLks= -istio.io/istio v0.0.0-20260122004028-702493a17f1b h1:8YFKyKlbD3qtedtfOvaXmlbZbiWho5ioy89vFwjqrvQ= -istio.io/istio v0.0.0-20260122004028-702493a17f1b/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= +istio.io/istio v0.0.0-20260123024029-eab5fb068645 h1:Gb0fR+BSbzfsr1/ADcIz+UdeBAHIpbeNPsi3BH5nXiI= +istio.io/istio v0.0.0-20260123024029-eab5fb068645/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index b4fca494d..962fbe519 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.702493a1 - - name: v1.30-alpha.702493a1 - version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + ref: v1.30-alpha.eab5fb06 + - name: v1.30-alpha.eab5fb06 + version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e repo: https://github.com/istio/istio branch: master - commit: 702493a17f1bd255ba32c1910d621822731e5917 + commit: eab5fb0686458842f328ff53f0d985ec1fa6df5e charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917/helm/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz diff --git a/resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag deleted file mode 100644 index 9c700929b..000000000 --- a/resources/v1.30-alpha.702493a1/base-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -3532d2f5628f7b546b49c8269debe071 diff --git a/resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag deleted file mode 100644 index 163e42536..000000000 --- a/resources/v1.30-alpha.702493a1/cni-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -24430fac5167adae02b3640a4c947b14 diff --git a/resources/v1.30-alpha.702493a1/commit b/resources/v1.30-alpha.702493a1/commit deleted file mode 100644 index 9251dad2a..000000000 --- a/resources/v1.30-alpha.702493a1/commit +++ /dev/null @@ -1 +0,0 @@ -702493a17f1bd255ba32c1910d621822731e5917 diff --git a/resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag deleted file mode 100644 index 9e02649d1..000000000 --- a/resources/v1.30-alpha.702493a1/gateway-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -90a22953dcb76ac848cc3c05d126a069 diff --git a/resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag deleted file mode 100644 index 1a9cee356..000000000 --- a/resources/v1.30-alpha.702493a1/istiod-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -57f5b98c5cb0119b2f7dab9d4821f5ca diff --git a/resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag b/resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag deleted file mode 100644 index 038e10fc1..000000000 --- a/resources/v1.30-alpha.702493a1/ztunnel-1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5db03d05b33dd86a4511125ab2430c7f diff --git a/resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag new file mode 100644 index 000000000..154edac70 --- /dev/null +++ b/resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag @@ -0,0 +1 @@ +9049d91323322c13b31b6fd8da9a9949 diff --git a/resources/v1.30-alpha.702493a1/charts/base/Chart.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.702493a1/charts/base/Chart.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/Chart.yaml index ba48f782a..a260720c9 100644 --- a/resources/v1.30-alpha.702493a1/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e diff --git a/resources/v1.30-alpha.702493a1/charts/base/README.md b/resources/v1.30-alpha.eab5fb06/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/README.md rename to resources/v1.30-alpha.eab5fb06/charts/base/README.md diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.eab5fb06/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.eab5fb06/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/base/values.yaml b/resources/v1.30-alpha.eab5fb06/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/base/values.yaml rename to resources/v1.30-alpha.eab5fb06/charts/base/values.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/Chart.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.702493a1/charts/cni/Chart.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/Chart.yaml index 6ba17cf4c..4a4ea7d1a 100644 --- a/resources/v1.30-alpha.702493a1/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e diff --git a/resources/v1.30-alpha.702493a1/charts/cni/README.md b/resources/v1.30-alpha.eab5fb06/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/README.md rename to resources/v1.30-alpha.eab5fb06/charts/cni/README.md diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/cni/values.yaml b/resources/v1.30-alpha.eab5fb06/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.702493a1/charts/cni/values.yaml rename to resources/v1.30-alpha.eab5fb06/charts/cni/values.yaml index 1477ae8ff..e44b543ce 100644 --- a/resources/v1.30-alpha.702493a1/charts/cni/values.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/Chart.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.702493a1/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/Chart.yaml index 3de5d0fa7..9d6a562c7 100644 --- a/resources/v1.30-alpha.702493a1/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/README.md b/resources/v1.30-alpha.eab5fb06/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/README.md rename to resources/v1.30-alpha.eab5fb06/charts/gateway/README.md diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/values.schema.json b/resources/v1.30-alpha.eab5fb06/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/values.schema.json rename to resources/v1.30-alpha.eab5fb06/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.702493a1/charts/gateway/values.yaml b/resources/v1.30-alpha.eab5fb06/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/gateway/values.yaml rename to resources/v1.30-alpha.eab5fb06/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/Chart.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.702493a1/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/Chart.yaml index db8d2798f..07467202e 100644 --- a/resources/v1.30-alpha.702493a1/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/README.md b/resources/v1.30-alpha.eab5fb06/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/README.md rename to resources/v1.30-alpha.eab5fb06/charts/istiod/README.md diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/istiod/values.yaml b/resources/v1.30-alpha.eab5fb06/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.702493a1/charts/istiod/values.yaml rename to resources/v1.30-alpha.eab5fb06/charts/istiod/values.yaml index 9c6350e56..a957f5147 100644 --- a/resources/v1.30-alpha.702493a1/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/istiod/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/Chart.yaml index 2ec6743de..02278ab28 100644 --- a/resources/v1.30-alpha.702493a1/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/revisiontags/values.yaml b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.702493a1/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.eab5fb06/charts/revisiontags/values.yaml index 9c6350e56..a957f5147 100644 --- a/resources/v1.30-alpha.702493a1/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/revisiontags/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/Chart.yaml index 92fdf00c7..321f30319 100644 --- a/resources/v1.30-alpha.702493a1/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 +version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/README.md b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/README.md rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.702493a1/charts/ztunnel/values.yaml b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/values.yaml similarity index 98% rename from resources/v1.30-alpha.702493a1/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.eab5fb06/charts/ztunnel/values.yaml index 7112727e1..3bb88b04c 100644 --- a/resources/v1.30-alpha.702493a1/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.eab5fb06/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.702493a17f1bd255ba32c1910d621822731e5917 + tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag new file mode 100644 index 000000000..6869b1243 --- /dev/null +++ b/resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag @@ -0,0 +1 @@ +21bea6b5a27bdbad224213dc30988a44 diff --git a/resources/v1.30-alpha.eab5fb06/commit b/resources/v1.30-alpha.eab5fb06/commit new file mode 100644 index 000000000..eb8027778 --- /dev/null +++ b/resources/v1.30-alpha.eab5fb06/commit @@ -0,0 +1 @@ +eab5fb0686458842f328ff53f0d985ec1fa6df5e diff --git a/resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag new file mode 100644 index 000000000..8a88dd255 --- /dev/null +++ b/resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag @@ -0,0 +1 @@ +cf981518fbce42ab22b62911b7b5b536 diff --git a/resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag new file mode 100644 index 000000000..a4177bed3 --- /dev/null +++ b/resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag @@ -0,0 +1 @@ +54250a3eef9b0cbefbbbab6ddc1d55ac diff --git a/resources/v1.30-alpha.702493a1/profiles/ambient.yaml b/resources/v1.30-alpha.eab5fb06/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/ambient.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/default.yaml b/resources/v1.30-alpha.eab5fb06/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/default.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/default.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/demo.yaml b/resources/v1.30-alpha.eab5fb06/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/demo.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/demo.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/empty.yaml b/resources/v1.30-alpha.eab5fb06/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/empty.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/empty.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.eab5fb06/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/openshift.yaml b/resources/v1.30-alpha.eab5fb06/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/openshift.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/preview.yaml b/resources/v1.30-alpha.eab5fb06/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/preview.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/preview.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/remote.yaml b/resources/v1.30-alpha.eab5fb06/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/remote.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/remote.yaml diff --git a/resources/v1.30-alpha.702493a1/profiles/stable.yaml b/resources/v1.30-alpha.eab5fb06/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.702493a1/profiles/stable.yaml rename to resources/v1.30-alpha.eab5fb06/profiles/stable.yaml diff --git a/resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag new file mode 100644 index 000000000..d7a83ad16 --- /dev/null +++ b/resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag @@ -0,0 +1 @@ +8de3ffdaf56bbb1c057d58261cfecd2c From 8283be8de11c6bc876ba6928d141976c9055b437 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sat, 24 Jan 2026 00:26:30 -0500 Subject: [PATCH 11/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1543) Signed-off-by: openshift-service-mesh-bot --- Makefile.core.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.core.mk b/Makefile.core.mk index 2d7eb7919..c4e7296d7 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -572,7 +572,7 @@ HELM_VERSION ?= v3.20.0 CONTROLLER_TOOLS_VERSION ?= v0.20.0 CONTROLLER_RUNTIME_BRANCH ?= release-0.23 OPM_VERSION ?= v1.62.0 -OLM_VERSION ?= v0.38.0 +OLM_VERSION ?= v0.39.0 GITLEAKS_VERSION ?= v8.30.0 ISTIOCTL_VERSION ?= 1.26.2 RUNME_VERSION ?= 3.16.4 From d71b0d257ef071b45fba36a05b7aac46d5918f98 Mon Sep 17 00:00:00 2001 From: Praneeth Bajjuri Date: Mon, 26 Jan 2026 11:53:27 -0500 Subject: [PATCH 12/40] fixing the step numbers in our docs (#1545) This change fixes incorrect step numbering in the Sail operator documentation to improve clarity and correctness. Signed-off-by: pbajjuri20 --- docs/addons/observability.adoc | 25 +- .../common/create-and-configure-gateways.adoc | 34 +- docs/general/plugin-ca.adoc | 313 +++++++++--------- docs/update-strategy/update-strategy.adoc | 80 ++--- 4 files changed, 228 insertions(+), 224 deletions(-) diff --git a/docs/addons/observability.adoc b/docs/addons/observability.adoc index f3a0e24de..380f26962 100644 --- a/docs/addons/observability.adoc +++ b/docs/addons/observability.adoc @@ -29,7 +29,7 @@ The easiest way to get started with production-grade metrics collection is to us *Steps* . Create a ServiceMonitor for istiod. - ++ [source,yaml] ---- apiVersion: monitoring.coreos.com/v1 @@ -49,7 +49,7 @@ spec: ---- . Create a PodMonitor to scrape metrics from the istio-proxy containers. Note that *this resource has to be created in all namespaces where you are running sidecars*. - ++ [source,yaml] ---- apiVersion: monitoring.coreos.com/v1 @@ -107,7 +107,7 @@ This section describes how to setup Istio with OpenShift Distributed Tracing to *Steps* . Configure Istio to enable tracing and include the OpenTelemetry settings: - ++ [source,yaml] ---- meshConfig: @@ -121,9 +121,8 @@ meshConfig: The *service* field is the OpenTelemetry collector service in the `istio-system` namespace. -[start=2] . Create an Istio telemetry resource to active the OpenTelemetry tracer - ++ [source,yaml] ---- apiVersion: telemetry.istio.io/v1 @@ -138,14 +137,12 @@ spec: randomSamplingPercentage: 100 ---- -[start=3] . Validate the integration: Generate some traffic - ++ We can link:addons.adoc#deploy-gateway-and-bookinfo[Deploy Bookinfo] and generate some traffic. -[start=4] . Validate the integration: See the traces in the UI - ++ [source,bash,subs="attributes+"] ---- kubectl get routes -n tempo tempo-sample-query-frontend-tempo @@ -169,7 +166,7 @@ If you followed <>, you c *Steps* . Create a ClusterRoleBinding for Kiali, so it can view metrics from user-workload monitoring - ++ [source,yaml] ---- apiVersion: rbac.authorization.k8s.io/v1 @@ -186,9 +183,8 @@ subjects: namespace: istio-system ---- -[start=2] . Find out the revision name of your Istio instance. In our case it is `test`. - ++ [source,console,subs="attributes+"] ---- kubectl get istiorevisions.sailoperator.io @@ -196,9 +192,8 @@ NAME READY STATUS IN USE VERSION AGE test True Healthy True v{istio_latest_version} 119m ---- -[start=3] . Create a Kiali resource and point it to your Istio instance. Make sure to replace `test` with your revision name in the fields `config_map_name`, `istio_sidecar_injector_config_map_name`, `istiod_deployment_name` and `url_service_version`. - ++ [source,yaml] ---- apiVersion: kiali.io/v1alpha1 @@ -233,7 +228,7 @@ This section describes how to setup Kiali with OpenShift Distributed Tracing to *Steps* . Setup Kiali to access traces from the Tempo frontend: - ++ [source,yaml] ---- external_services: diff --git a/docs/common/create-and-configure-gateways.adoc b/docs/common/create-and-configure-gateways.adoc index 99c3800e8..2dddfb912 100644 --- a/docs/common/create-and-configure-gateways.adoc +++ b/docs/common/create-and-configure-gateways.adoc @@ -39,28 +39,28 @@ a link:../../chart/samples/ingress-gateway.yaml[sample gateway configuration] th where the application is installed: . Create the `istio-ingressgateway` deployment and service: - ++ [source,bash,subs="attributes+"] ---- kubectl apply -f ingress-gateway.yaml ---- . Configure the `bookinfo` application with the new gateway: - ++ [source,bash,subs="attributes+"] ---- kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/networking/bookinfo-gateway.yaml ---- . On OpenShift, you can use a https://docs.openshift.com/container-platform/4.13/networking/routes/route-configuration.html[Route] to expose the gateway externally: - ++ [source,bash,subs="attributes+"] ---- kubectl expose service istio-ingressgateway ---- . Finally, obtain the gateway host name and the URL of the product page: - ++ [source,bash,subs="attributes+"] ---- HOST=$(kubectl get route istio-ingressgateway -o jsonpath='{.spec.host}') @@ -75,21 +75,21 @@ Verify that the `productpage` is accessible from a web browser. An egress gateway allows you to control outbound traffic from the service mesh, providing security and monitoring capabilities for external service access. Here's how to configure an egress gateway using gateway injection: . Create the `istio-egressgateway` namespace: - ++ [source,bash,subs="attributes+"] ---- kubectl create namespace istio-egressgateway ---- . Create the `istio-egressgateway` deployment and service using the provided https://raw.githubusercontent.com/istio-ecosystem/sail-operator/main/chart/samples/egress-gateway.yaml[sample egress gateway configuration]: - ++ [source,bash,subs="attributes+"] ---- kubectl apply -f https://raw.githubusercontent.com/istio-ecosystem/sail-operator/main/chart/samples/egress-gateway.yaml -n istio-egressgateway ---- . Configure traffic routing to use the egress gateway by creating these resources in the `istio-egressgateway` namespace. For example, to route traffic to `httpbin.org` through the egress gateway: - ++ [source,yaml] ---- apiVersion: networking.istio.io/v1beta1 @@ -168,8 +168,8 @@ spec: number: 80 ---- -Apply this configuration: - +. Apply this configuration: ++ [source,bash,subs="attributes+"] ---- kubectl apply -f egress-gateway-config.yaml @@ -177,7 +177,7 @@ kubectl apply -f egress-gateway-config.yaml . Test the egress gateway by making a request from a pod in the mesh (EG: using a bookinfo pod within the mesh): - ++ [source,bash,subs="attributes+"] ---- kubectl exec -it $(kubectl get pod -l app=productpage -o jsonpath='{.items[0].metadata.name}') -c productpage -- curl -v http://httpbin.org/get @@ -204,14 +204,14 @@ kubectl get crd gateways.gateway.networking.k8s.io &> /dev/null || { kubectl ku To configure `bookinfo` with a gateway using `Gateway API`: . Create and configure a gateway using a `Gateway` and `HTTPRoute` resource: - ++ [source,bash,subs="attributes+"] ---- kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/bookinfo/gateway-api/bookinfo-gateway.yaml ---- . Retrieve the host, port and gateway URL: - ++ [source,bash,subs="attributes+"] ---- export INGRESS_HOST=$(kubectl get gtw bookinfo-gateway -o jsonpath='{.status.addresses[0].value}') @@ -220,7 +220,7 @@ export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT ---- . Obtain the `productpage` URL and check that you can visit it from a browser: - ++ [source,bash,subs="attributes+"] ---- echo "http://{$GATEWAY_URL}/productpage" @@ -235,7 +235,7 @@ You can also use the Kubernetes Gateway API to configure an egress gateway in Is To deploy an egress gateway using the Gateway API, follow these steps: . *Create the egress gateway namespace:* - ++ [source,bash,subs="attributes+"] ---- kubectl create namespace egress-gateway @@ -243,7 +243,7 @@ kubectl label namespace egress-gateway istio-injection=enabled ---- . *Apply the sample egress gateway configuration:* - ++ We provide a sample manifest that includes a `ServiceEntry`, `Gateway`, and `HTTPRoute`s for egress to `httpbin.org` https://raw.githubusercontent.com/istio-ecosystem/sail-operator/main/chart/samples/egress-gateway-gw-api.yaml[here]: [source,bash,subs="attributes+"] @@ -257,7 +257,7 @@ This will: - Create a `HTTPRoute`s to forward traffic from the mesh pod to the gateway and from the gateway to the external service. . *Test egress traffic:* - ++ From a pod in the mesh, you can test egress traffic to `httpbin.org`. Let's create a sample curl pod: [source,bash,subs="attributes+"] @@ -293,4 +293,4 @@ cluster 'outbound|80||httpbin.org' match for URL '/get' # the egress gateway rou - Ensure the namespace has istio-injection enabled - Verify HTTPRoute status: `kubectl describe httproute -n egress-gateway` -- Check that the egress gateway pod is running: `kubectl get pods -l gateway.networking.k8s.io/gateway-name=httpbin-egress-gateway -n egress-gateway` \ No newline at end of file +- Check that the egress gateway pod is running: `kubectl get pods -l gateway.networking.k8s.io/gateway-name=httpbin-egress-gateway -n egress-gateway` diff --git a/docs/general/plugin-ca.adoc b/docs/general/plugin-ca.adoc index 2dc825914..5f3322603 100644 --- a/docs/general/plugin-ca.adoc +++ b/docs/general/plugin-ca.adoc @@ -52,163 +52,172 @@ Now, when you create your new `cacerts` secret with an intermediate certificate === Avoiding traffic disruptions To achieve the no-downtime update of the certificates, it's necessary to ensure that all workloads at any given time are trusting certificates signed by either the old root or the new intermediate (which is signed by the new root). This can be achieved by enabling Istio's multi-root support. -1. Enable the multi root support: +. Enable the multi-root support: (Prepare the `istio-patch.yaml) - Prepare`istio-patch.yaml`: - ```yaml - apiVersion: sailoperator.io/v1 - kind: Istio - spec: - values: - pilot: - env: - ISTIO_MULTIROOT_MESH: "true" - meshConfig: - defaultConfig: - proxyMetadata: - PROXY_CONFIG_XDS_AGENT: "true" - ``` ++ +---- +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + pilot: + env: + ISTIO_MULTIROOT_MESH: "true" + meshConfig: + defaultConfig: + proxyMetadata: + PROXY_CONFIG_XDS_AGENT: "true" +---- > **_NOTE:_** Visit Istio documentation for details about `ISTIO_MULTIROOT_MESH` and `PROXY_CONFIG_XDS_AGENT`. - Patch the Istio resource: - ```bash - kubectl patch Istio default --type='merge' --patch-file=istio-patch.yaml - ``` -1. Prepare new root and intermediate certificates (you should be using trusted root CA for issuing the intermediate certificate). Here we are using [tooling](https://github.com/istio/istio/tree/master/tools/certs) from the istio repository: - ```bash - mkdir -p certs - pushd certs - make -f ../tools/certs/Makefile.selfsigned.mk root-ca - make -f ../tools/certs/Makefile.selfsigned.mk intermediate-cacerts - ``` -1. Create new `cacerts` secrets with old CA certificate, key and chain and new combined root certificates: +. Patch the Istio resource: ++ +---- +kubectl patch Istio default --type='merge' --patch-file=istio-patch.yaml +---- + +. Prepare new root and intermediate certificates (you should be using trusted root CA for issuing the intermediate certificate). Here we are using [tooling](https://github.com/istio/istio/tree/master/tools/certs) from the istio repository: ++ +---- +mkdir -p certs +pushd certs +make -f ../tools/certs/Makefile.selfsigned.mk root-ca +make -f ../tools/certs/Makefile.selfsigned.mk intermediate-cacerts +---- +. Create new `cacerts` secrets with old CA certificate, key and chain and new combined root certificates: ++ > **_NOTE:_** It's necessary to assure that all workloads trust both old and new root certificates before updating the certificate used for signing workload certificates to avoid traffic disruptions. Get the certificate and the key from existing Istio CA generated secrets and prepare combined root certificates: - ```bash - kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-cert\.pem'} | base64 -d > ca-cert.pem - kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-key\.pem'} | base64 -d > ca-key.pem - kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-cert\.pem'} | base64 -d > cert-chain.pem - kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-cert\.pem'} | base64 -d > combined-root.pem - cat root-cert.pem >> combined-root.pem - ``` - Create new `cacerts` secrets: - ```bash - kubectl create secret generic cacerts -n istio-system \ - --from-file=ca-cert.pem \ - --from-file=ca-key.pem \ - --from-file=root-cert.pem=combined-root.pem \ - --from-file=cert-chain.pem - ``` -1. Restart istiod to pick up new certificates: - [source,bash,subs="attributes+"] - ---- - kubectl rollout restart deployment/istiod -n istio-system - ---- -1. Verify that all workloads are trusting both old and new roots, e.g. for httpbin: - ```bash - istioctl proxy-config secret deployment/httpbin -n httpbin -o json | jq -r '.dynamicActiveSecrets[1].secret.validationContext.trustedCa.inlineBytes' | base64 --decode - -----BEGIN CERTIFICATE----- - MIIC/TCCAeWgAwIBAgIRAOJUkqyDi0j/BlG8jizlmucwDQYJKoZIhvcNAQELBQAw - GDEWMBQGA1UEChMNY2x1c3Rlci5sb2NhbDAeFw0yNTA2MjQxMjA4NDNaFw0zNTA2 - MjIxMjA4NDNaMBgxFjAUBgNVBAoTDWNsdXN0ZXIubG9jYWwwggEiMA0GCSqGSIb3 - DQEBAQUAA4IBDwAwggEKAoIBAQD+VPnSrL8JcESAaQT8xewSqacNfhDOpBT36HgR - UFx1TFPR+dw4uZDlFW+ANOffE2HGVj9sXhA69p51xfISdOYeneZRzd68k6mjZkXV - 0kXB6wf52T/T0NRkprq+17g5jgxbXEu+yvfeEUbL3GLx6NJCkgzHH3zaqBf0nZDX - tfVM14/uep2rGXIRf3/hnwO3qff0uRVLJebE/9lV6cOE1pbUPU4qPA7NEgiFqzzp - ap2FL1MoXa2ptYJ0kX7ZCobXDbOD5IIrFWC+MI2dDLL409EjIv5R22An4TiVV0Qx - oGkvdC5CXYrDes37jJsIdpMxzFBWeESxTd+w8bxXJiPzKOlTAgMBAAGjQjBAMA4G - A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTJjPo79+xn - WXWG+MSAf5i1nEOdBDANBgkqhkiG9w0BAQsFAAOCAQEAuOUF+zT90k4180bObsTS - QeRAKBp+A9tRIqHSt7kg4QSJFz+KeoQ1CResuquydVtFwJ84ulfATqL6IbfzUWiF - nWgNlQ/fVvW3MS1/0ZjA6qHr5LJABu8ouwsOqo9tWJifKYl6cD7InoKgViLGssL0 - guQzV+mJ8TY8s8RhtB5H5ZQ9nm9/c6Qy4RuoECf9e3PfY/hwNgLXcHIWgBinxYrt - 6N5/96gZ77nUDtbI4qBuHxiGZ0rxcGFJ+/fJTUbKV+QKuF16GRxURUfoyJ5iL9Si - AnmwFWYxglgunft9xqW6tg/+0v8J9hcO1uxe3M0LXj4xh5BUCAtOuGaPcE1uHBtI - qQ== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFFDCCAvygAwIBAgIULu/YsgYLAcQ1kPc8kyzkDEGjhS8wDQYJKoZIhvcNAQEL - BQAwIjEOMAwGA1UECgwFSXN0aW8xEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjUwNjI0 - MTIxMTA3WhcNMzUwNjIyMTIxMTA3WjAiMQ4wDAYDVQQKDAVJc3RpbzEQMA4GA1UE - AwwHUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJaj/7VE - AdTGAJoylinnqNzuKKV2ZRV6yqFhMeVknRWl4nGOuJp58sQPO0DXG2uxv1Oi6hKo - Q8A2uL3ReQVt60VqrVvoFKFFaBnicnJ9XWOzZWx07uz7PoBc9llj+azUuSrTOWF5 - wxtQ1RHM/v2fPyzoNQMwj6Xohggh1JboFUW09IRXmoDW/HNVuFdoDtlk47ZAeI7S - 9z3yHMhTlOJ1tDrQqQgh2booBfm8DhoDtdIkFCjG9kKj9nB2Wz4hM160fneAlg5m - aP0TZSECfWq3I0QCadXmveUth6jvU+0TI54O/O6/w/Tm9Sd0VuswoKkxFAH+PgJF - /8FifH3BWi0dmLRBSPVBlJiUloFtXeZAsYGjHVlz2hs0R1cL8D0STJwWgLTQGnak - CY9j7S/3CwGKMfuCxxDbFDhCcEoFDC4kO6CyU7GXNN8DZhZSBIjXF5Gj1Ua93Co/ - lmISOxVrFNCEdDODFLEe1dgffUn0m4kWUWaQzbsLWqFQFx1YZs0FjQ61Ap6Y8QjR - edhmTGROCZRm9y4HrHRAZJ2poIfXOSJgkyfu/o7kvkO/zhamYKNbmBMJGvlw7JdS - waMp4I5kFNql27AAFJVG1lyFGagr7fi7wDsY8ohRB5V/mFV1Hu06Ukz03Z+s5+hj - 6c2mPxoO5c/hY7QVt8G2gvYkvRpek2iI1IFHAgMBAAGjQjBAMB0GA1UdDgQWBBTB - thIKcqmem8YGPAkkqvkUdptflDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE - AwIC5DANBgkqhkiG9w0BAQsFAAOCAgEAdE95pB1JOlmZkR9WEXb8F81FESti/z2V - nKkAQsYui39UK3jK93cMRg2axxLH/3hXxLJcVNZ/iV5aTNhL9naatui3dMz0zLBk - 2CduGwctlBooJzOa4c2jUbhpdycyIjsHFd6l9ezrWY/JOf1oLwwjNwPa1AO+VOt+ - ZC4tf4j/O0Q+6ThhGQfZVr0X6UN/jWV89Wpo00QsyACwcn2izbx9o25KSGioNJeS - ZcwpgbW1jzASSEUeklqyc1gfZgxM7HyHC+GUV/QSfJugUB4glyUZzpz6gTZWL6N5 - aq5xkQBSUAP8nOmy4aIAEEx4clL03iq62xbwamzjtET5M5NqRIPc2V2cZqQhs0TJ - iiGT98SBu2IydDGPXI/rruujShrIhmJ9WwiaPBdHBnSQQ+AkeDvA3AOcgFmy6Mbs - HfJ5vvwxtPYLc8VPNGWKlu+Jbknea+N5izpdSca+TqfqQ+QwVpcbAGgplT5CqmHU - Ap0ytVizhMxJpMMDU1GZ2C90SCX9N9hnD/Who/Py1BfbjEvBD9TuNdQ14cRWHDmU - Xmyv/zsOhCBskS7bnQNLqhBUS4JMvSDCb0CUMEzmGzJDCGXOTeYs2d1mcNTvDkLS - Hgv1jKTfpRXP4pMFOGGMY9XC3OYK/TtVhDAyrWewREMNQTtBKSEj2S6R5rT5MD02 - ir4ltxRVyHM= - -----END CERTIFICATE----- - ``` +---- +kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-cert\.pem'} | base64 -d > ca-cert.pem +kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-key\.pem'} | base64 -d > ca-key.pem +kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-cert\.pem'} | base64 -d > cert-chain.pem +kubectl get secret istio-ca-secret -n istio-system -o jsonpath={.data.'ca-cert\.pem'} | base64 -d > combined-root.pem +cat root-cert.pem >> combined-root.pem +---- + +. Create new `cacerts` secrets: ++ +---- +kubectl create secret generic cacerts -n istio-system \ + --from-file=ca-cert.pem \ + --from-file=ca-key.pem \ + --from-file=root-cert.pem=combined-root.pem \ + --from-file=cert-chain.pem +---- +. Restart istiod to pick up new certificates: ++ +[source,bash,subs="attributes+"] +---- +kubectl rollout restart deployment/istiod -n istio-system +---- +. Verify that all workloads are trusting both old and new roots, e.g. for httpbin: ++ +---- +istioctl proxy-config secret deployment/httpbin -n httpbin -o json | jq -r '.dynamicActiveSecrets[1].secret.validationContext.trustedCa.inlineBytes' | base64 --decode +-----BEGIN CERTIFICATE----- +MIIC/TCCAeWgAwIBAgIRAOJUkqyDi0j/BlG8jizlmucwDQYJKoZIhvcNAQELBQAw +GDEWMBQGA1UEChMNY2x1c3Rlci5sb2NhbDAeFw0yNTA2MjQxMjA4NDNaFw0zNTA2 +MjIxMjA4NDNaMBgxFjAUBgNVBAoTDWNsdXN0ZXIubG9jYWwwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQD+VPnSrL8JcESAaQT8xewSqacNfhDOpBT36HgR +UFx1TFPR+dw4uZDlFW+ANOffE2HGVj9sXhA69p51xfISdOYeneZRzd68k6mjZkXV +0kXB6wf52T/T0NRkprq+17g5jgxbXEu+yvfeEUbL3GLx6NJCkgzHH3zaqBf0nZDX +tfVM14/uep2rGXIRf3/hnwO3qff0uRVLJebE/9lV6cOE1pbUPU4qPA7NEgiFqzzp +ap2FL1MoXa2ptYJ0kX7ZCobXDbOD5IIrFWC+MI2dDLL409EjIv5R22An4TiVV0Qx +oGkvdC5CXYrDes37jJsIdpMxzFBWeESxTd+w8bxXJiPzKOlTAgMBAAGjQjBAMA4G +A1UdDwEB/wQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTJjPo79+xn +WXWG+MSAf5i1nEOdBDANBgkqhkiG9w0BAQsFAAOCAQEAuOUF+zT90k4180bObsTS +QeRAKBp+A9tRIqHSt7kg4QSJFz+KeoQ1CResuquydVtFwJ84ulfATqL6IbfzUWiF +nWgNlQ/fVvW3MS1/0ZjA6qHr5LJABu8ouwsOqo9tWJifKYl6cD7InoKgViLGssL0 +guQzV+mJ8TY8s8RhtB5H5ZQ9nm9/c6Qy4RuoECf9e3PfY/hwNgLXcHIWgBinxYrt +6N5/96gZ77nUDtbI4qBuHxiGZ0rxcGFJ+/fJTUbKV+QKuF16GRxURUfoyJ5iL9Si +AnmwFWYxglgunft9xqW6tg/+0v8J9hcO1uxe3M0LXj4xh5BUCAtOuGaPcE1uHBtI +qQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFDCCAvygAwIBAgIULu/YsgYLAcQ1kPc8kyzkDEGjhS8wDQYJKoZIhvcNAQEL +BQAwIjEOMAwGA1UECgwFSXN0aW8xEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjUwNjI0 +MTIxMTA3WhcNMzUwNjIyMTIxMTA3WjAiMQ4wDAYDVQQKDAVJc3RpbzEQMA4GA1UE +AwwHUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJaj/7VE +AdTGAJoylinnqNzuKKV2ZRV6yqFhMeVknRWl4nGOuJp58sQPO0DXG2uxv1Oi6hKo +Q8A2uL3ReQVt60VqrVvoFKFFaBnicnJ9XWOzZWx07uz7PoBc9llj+azUuSrTOWF5 +wxtQ1RHM/v2fPyzoNQMwj6Xohggh1JboFUW09IRXmoDW/HNVuFdoDtlk47ZAeI7S +9z3yHMhTlOJ1tDrQqQgh2booBfm8DhoDtdIkFCjG9kKj9nB2Wz4hM160fneAlg5m +aP0TZSECfWq3I0QCadXmveUth6jvU+0TI54O/O6/w/Tm9Sd0VuswoKkxFAH+PgJF +/8FifH3BWi0dmLRBSPVBlJiUloFtXeZAsYGjHVlz2hs0R1cL8D0STJwWgLTQGnak +CY9j7S/3CwGKMfuCxxDbFDhCcEoFDC4kO6CyU7GXNN8DZhZSBIjXF5Gj1Ua93Co/ +lmISOxVrFNCEdDODFLEe1dgffUn0m4kWUWaQzbsLWqFQFx1YZs0FjQ61Ap6Y8QjR +edhmTGROCZRm9y4HrHRAZJ2poIfXOSJgkyfu/o7kvkO/zhamYKNbmBMJGvlw7JdS +waMp4I5kFNql27AAFJVG1lyFGagr7fi7wDsY8ohRB5V/mFV1Hu06Ukz03Z+s5+hj +6c2mPxoO5c/hY7QVt8G2gvYkvRpek2iI1IFHAgMBAAGjQjBAMB0GA1UdDgQWBBTB +thIKcqmem8YGPAkkqvkUdptflDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIC5DANBgkqhkiG9w0BAQsFAAOCAgEAdE95pB1JOlmZkR9WEXb8F81FESti/z2V +nKkAQsYui39UK3jK93cMRg2axxLH/3hXxLJcVNZ/iV5aTNhL9naatui3dMz0zLBk +2CduGwctlBooJzOa4c2jUbhpdycyIjsHFd6l9ezrWY/JOf1oLwwjNwPa1AO+VOt+ +ZC4tf4j/O0Q+6ThhGQfZVr0X6UN/jWV89Wpo00QsyACwcn2izbx9o25KSGioNJeS +ZcwpgbW1jzASSEUeklqyc1gfZgxM7HyHC+GUV/QSfJugUB4glyUZzpz6gTZWL6N5 +aq5xkQBSUAP8nOmy4aIAEEx4clL03iq62xbwamzjtET5M5NqRIPc2V2cZqQhs0TJ +iiGT98SBu2IydDGPXI/rruujShrIhmJ9WwiaPBdHBnSQQ+AkeDvA3AOcgFmy6Mbs +HfJ5vvwxtPYLc8VPNGWKlu+Jbknea+N5izpdSca+TqfqQ+QwVpcbAGgplT5CqmHU +Ap0ytVizhMxJpMMDU1GZ2C90SCX9N9hnD/Who/Py1BfbjEvBD9TuNdQ14cRWHDmU +Xmyv/zsOhCBskS7bnQNLqhBUS4JMvSDCb0CUMEzmGzJDCGXOTeYs2d1mcNTvDkLS +Hgv1jKTfpRXP4pMFOGGMY9XC3OYK/TtVhDAyrWewREMNQTtBKSEj2S6R5rT5MD02 +ir4ltxRVyHM= +-----END CERTIFICATE----- +---- > **_NOTE:_** It might be necessary to restart the workload if you only see one certificate. -1. Update `combined-root.pem` by adding the new root certificate again. Using updated `root-cert.pem` will trigger a rotation of workload certificates even without a need to restart the workloads: - [source,bash,subs="attributes+"] - ---- - cat root-cert.pem >> combined-root.pem - ---- -1. Update `cacerts` secrets to use the new intermediate certificate, key and chain and updated combined root certificates: - [source,bash,subs="attributes+"] - ---- - kubectl delete secret cacerts -n istio-system --ignore-not-found && \ - kubectl create secret generic cacerts -n istio-system \ - --from-file=intermediate/ca-cert.pem \ - --from-file=intermediate/ca-key.pem \ - --from-file=root-cert.pem=combined-root.pem \ - --from-file=intermediate/cert-chain.pem - ---- -1. Restart istiod to pick up new certificates: - [source,bash,subs="attributes+"] - ---- - kubectl rollout restart deployment/istiod -n istio-system - ---- -1. Verify that workloads certificates have been rotated and issued by the new intermediate CA: - [source,bash,subs="attributes+"] - ---- - istioctl proxy-config secret deployment/httpbin -n httpbin -o json | jq -r '.dynamicActiveSecrets[0].secret.tlsCertificate.certificateChain.inlineBytes' | base64 -d | openssl x509 -text -noout - Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 37:dc:72:ad:e1:ae:06:e3:0d:fd:3d:61:bb:37:10:16 - Signature Algorithm: sha256WithRSAEncryption - Issuer: O=Istio, CN=Intermediate CA, L=intermediate - Validity - Not Before: Jun 19 15:54:04 2025 GMT - Not After : Jun 20 15:56:04 2025 GMT - ... - ---- -1. Remove old root certificate: - [source,bash,subs="attributes+"] - ---- - kubectl delete secret cacerts -n istio-system --ignore-not-found && \ - kubectl create secret generic cacerts -n istio-system \ - --from-file=intermediate/ca-cert.pem \ - --from-file=intermediate/ca-key.pem \ - --from-file=root-cert.pem \ - --from-file=intermediate/cert-chain.pem - ---- -1. Restart istiod to pick up new certificates: - [source,bash,subs="attributes+"] - ---- - kubectl rollout restart deployment/istiod -n istio-system - ---- +. Update `combined-root.pem` by adding the new root certificate again. Using updated `root-cert.pem` will trigger a rotation of workload certificates even without a need to restart the workloads: ++ +---- +cat root-cert.pem >> combined-root.pem +---- +. Update `cacerts` secrets to use the new intermediate certificate, key and chain and updated combined root certificates: ++ +[source,bash,subs="attributes+"] +---- +kubectl delete secret cacerts -n istio-system --ignore-not-found && \ +kubectl create secret generic cacerts -n istio-system \ + --from-file=intermediate/ca-cert.pem \ + --from-file=intermediate/ca-key.pem \ + --from-file=root-cert.pem=combined-root.pem \ + --from-file=intermediate/cert-chain.pem +---- +. Restart istiod to pick up new certificates: ++ +---- +kubectl rollout restart deployment/istiod -n istio-system +---- +. Verify that workloads certificates have been rotated and issued by the new intermediate CA: ++ +---- +istioctl proxy-config secret deployment/httpbin -n httpbin -o json | jq -r '.dynamicActiveSecrets[0].secret.tlsCertificate.certificateChain.inlineBytes' | base64 -d | openssl x509 -text -noout +Certificate: +Data: + Version: 3 (0x2) + Serial Number: + 37:dc:72:ad:e1:ae:06:e3:0d:fd:3d:61:bb:37:10:16 + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Istio, CN=Intermediate CA, L=intermediate + Validity + Not Before: Jun 19 15:54:04 2025 GMT + Not After : Jun 20 15:56:04 2025 GMT +... +---- +. Remove old root certificate: ++ +---- +kubectl delete secret cacerts -n istio-system --ignore-not-found && \ +kubectl create secret generic cacerts -n istio-system \ + --from-file=intermediate/ca-cert.pem \ + --from-file=intermediate/ca-key.pem \ + --from-file=root-cert.pem \ + --from-file=intermediate/cert-chain.pem +---- +. Restart istiod to pick up new certificates: ++ +---- +kubectl rollout restart deployment/istiod -n istio-system +---- -At this point, rotation of the new intermediate certificate will be much simpler as long as it's issued by the same root CA. \ No newline at end of file +At this point, rotation of the new intermediate certificate will be much simpler as long as it's issued by the same root CA. diff --git a/docs/update-strategy/update-strategy.adoc b/docs/update-strategy/update-strategy.adoc index 727d2f668..132aead70 100644 --- a/docs/update-strategy/update-strategy.adoc +++ b/docs/update-strategy/update-strategy.adoc @@ -37,14 +37,14 @@ Prerequisites: Steps: . Create the `istio-system` namespace. - ++ [source,bash,subs="attributes+",name="inplace-update-strategy"] ---- kubectl create namespace istio-system ---- . Create the `Istio` resource. - ++ [source,bash,subs="attributes+",name="inplace-update-strategy"] ---- cat < Date: Tue, 27 Jan 2026 01:03:41 -0500 Subject: [PATCH 13/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1546) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/values_types.gen.go | 2 +- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 6 ++-- bundle/manifests/sailoperator.io_istios.yaml | 6 ++-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 6 ++-- chart/crds/sailoperator.io_istios.yaml | 6 ++-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 12 ++++---- go.mod | 10 +++---- go.sum | 20 ++++++------- pkg/istioversion/versions.yaml | 18 ++++++------ ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 7 +++++ .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 10 ++++++- ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 + resources/v1.30-alpha.8a7ac6f6/commit | 1 + ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 + ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 + ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 - ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 - resources/v1.30-alpha.eab5fb06/commit | 1 - ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 - ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 - ...686458842f328ff53f0d985ec1fa6df5e.tgz.etag | 1 - 222 files changed, 125 insertions(+), 110 deletions(-) create mode 100644 resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/README.md (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/daemonset.yaml (97%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/charts/ztunnel/values.yaml (94%) create mode 100644 resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag create mode 100644 resources/v1.30-alpha.8a7ac6f6/commit create mode 100644 resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag create mode 100644 resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.eab5fb06 => v1.30-alpha.8a7ac6f6}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag delete mode 100644 resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag delete mode 100644 resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag delete mode 100644 resources/v1.30-alpha.eab5fb06/commit delete mode 100644 resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag delete mode 100644 resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag delete mode 100644 resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index d2cea97d2..8602d52e8 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eab5fb06 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.8a7ac6f6 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 9819d8a42..e508306ee 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eab5fb06 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.8a7ac6f6 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 8fc69e720..ce4a1b437 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.eab5fb06 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.8a7ac6f6 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/values_types.gen.go b/api/v1/values_types.gen.go index f9ae09ed1..020e1c120 100644 --- a/api/v1/values_types.gen.go +++ b/api/v1/values_types.gen.go @@ -4066,7 +4066,7 @@ type MeshConfigProxyConfig struct { // Optional. FileFlushMinSizeKb *uint32 `json:"fileFlushMinSizeKb,omitempty"` // Offer HTTP compression for stats - // Defaults to false. + // Defaults to true. // Optional. StatsCompression *bool `json:"statsCompression,omitempty"` } diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 1023f7769..22efbc46a 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eab5fb06 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.8a7ac6f6 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 91449b58f..84c0057b3 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eab5fb06 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.8a7ac6f6 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index a0ae05982..412ec0263 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-23T05:09:58Z" + createdAt: "2026-01-27T05:10:32Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eab5fb06 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_eab5fb06.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e - images.v1_30-alpha_eab5fb06.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e - images.v1_30-alpha_eab5fb06.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e - images.v1_30-alpha_eab5fb06.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_8a7ac6f6.cni: gcr.io/istio-testing/install-cni:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_8a7ac6f6.istiod: gcr.io/istio-testing/pilot:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_8a7ac6f6.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_8a7ac6f6.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 0a8bb4a3c..31940c7e5 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index aeb828780..7649d0412 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -3820,7 +3820,7 @@ spec: statsCompression: description: |- Offer HTTP compression for stats - Defaults to false. + Defaults to true. Optional. type: boolean statsdUdpAddress: @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 8d536c23f..1d7f4547f 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -3893,7 +3893,7 @@ spec: statsCompression: description: |- Offer HTTP compression for stats - Defaults to false. + Defaults to true. Optional. type: boolean statsdUdpAddress: @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 56072fa22..7cc977796 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 36cdc3459..2f3a5860f 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index b4093c9dc..bb58186f8 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -3820,7 +3820,7 @@ spec: statsCompression: description: |- Offer HTTP compression for stats - Defaults to false. + Defaults to true. Optional. type: boolean statsdUdpAddress: @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 39a03bf33..2d6a631e8 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -3893,7 +3893,7 @@ spec: statsCompression: description: |- Offer HTTP compression for stats - Defaults to false. + Defaults to true. Optional. type: boolean statsdUdpAddress: @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 7d2bccfa8..94ff5a7f9 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 2267797e7..a398b0655 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_eab5fb06.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e - images.v1_30-alpha_eab5fb06.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e - images.v1_30-alpha_eab5fb06.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e - images.v1_30-alpha_eab5fb06.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + images.v1_30-alpha_8a7ac6f6.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_8a7ac6f6.istiod: gcr.io/istio-testing/pilot:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_8a7ac6f6.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_8a7ac6f6.cni: gcr.io/istio-testing/install-cni:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.eab5fb06 + - v1.30-alpha.8a7ac6f6 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index de51de2e6..45e5ff852 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eab5fb06] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.8a7ac6f6] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eab5fb06. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.eab5fb06] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.8a7ac6f6] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eab5fb06] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.8a7ac6f6] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -2071,7 +2071,7 @@ _Appears in:_ | `proxyHeaders` _[ProxyConfigProxyHeaders](#proxyconfigproxyheaders)_ | Define the set of headers to add/modify for HTTP request/responses. To enable an optional header, simply set the field. If no specific configuration is required, an empty object (`\{\}`) will enable it. Note: currently all headers are enabled by default. Below shows an example of customizing the `server` header and disabling the `X-Envoy-Attempt-Count` header: ```yaml proxyHeaders: server: value: "my-custom-server" # Explicitly enable Request IDs. # As this is the default, this has no effect. requestId: \{\} attemptCount: disabled: true ``` # Below shows an example of preserving the header case for HTTP 1.x requests ```yaml proxyHeaders: preserveHttp1HeaderCase: true ``` Some headers are enabled by default, and require explicitly disabling. See below for an example of disabling all default-enabled headers: ```yaml proxyHeaders: forwardedClientCert: SANITIZE server: disabled: true requestId: disabled: true attemptCount: disabled: true envoyDebugHeaders: disabled: true metadataExchangeHeaders: mode: IN_MESH ``` | | | | `fileFlushInterval` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#duration-v1-meta)_ | File flush interval for envoy flushes buffers to disk in milliseconds. The duration needs to be set to a value greater than or equal to 1 millisecond. Default is 1000ms. Optional. | | | | `fileFlushMinSizeKb` _integer_ | File flush buffer size for envoy flushes buffers to disk in kilobytes. Defaults to 64. Optional. | | | -| `statsCompression` _boolean_ | Offer HTTP compression for stats Defaults to false. Optional. | | | +| `statsCompression` _boolean_ | Offer HTTP compression for stats Defaults to true. Optional. | | | #### MeshConfigProxyPathNormalization @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eab5fb06] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.8a7ac6f6] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eab5fb06. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eab5fb06] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.8a7ac6f6] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index a988c0cca..f32ed9fac 100644 --- a/go.mod +++ b/go.mod @@ -24,14 +24,14 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd - istio.io/istio v0.0.0-20260123024029-eab5fb068645 + istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2 + istio.io/istio v0.0.0-20260127031141-8a7ac6f6b06c k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 k8s.io/cli-runtime v0.35.0 k8s.io/client-go v0.35.0 - sigs.k8s.io/controller-runtime v0.23.0 + sigs.k8s.io/controller-runtime v0.23.1 ) require ( @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72 // indirect + istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect @@ -183,6 +183,6 @@ require ( sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/go.sum b/go.sum index 40c513413..f6780c872 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72 h1:2U4teAcER/xDNIdaiieNUBeeMNLzpThPQuEuFegjUGE= -istio.io/api v1.29.0-alpha.0.0.20260121180630-6caf94532f72/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd h1:q1uDf5Vug687vToNAO8rAfQoP94N4CUPew4cZZtOUV0= -istio.io/client-go v1.29.0-alpha.0.0.20260121180928-8a76f0b496fd/go.mod h1:ZBmwk7ji2+WXbBNjPli//CINU3vnZm7+WN8LWoxTLks= -istio.io/istio v0.0.0-20260123024029-eab5fb068645 h1:Gb0fR+BSbzfsr1/ADcIz+UdeBAHIpbeNPsi3BH5nXiI= -istio.io/istio v0.0.0-20260123024029-eab5fb068645/go.mod h1:XnbzpbAp+DxUmnZTybt6FVyabxSJ/5R2du3jzutRymY= +istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3 h1:S1MUMQKSCtP4p+Qn159qKrIghMs10maNvo4sF6YHuW0= +istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2 h1:LRVdFc7s8pXaLpVsPRzOOWareyixXwbAW/reLB3KR7M= +istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2/go.mod h1:hYl9NytvyOGLcFT5ZPJwk+NiepyelwRwCZUYK7aavug= +istio.io/istio v0.0.0-20260127031141-8a7ac6f6b06c h1:pICc8n/Zz6fcDjU0+4N/Xv6115rt5D5iIjDe8uSkHOI= +istio.io/istio v0.0.0-20260127031141-8a7ac6f6b06c/go.mod h1:qgHT7zOGNgo0IMDEc+MGOtJvS/+XxNl5MTHvOZx0tsM= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= @@ -502,8 +502,8 @@ oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1 h1:Cf+ed5N8038zbsaXFO7mKQDi/+VcSRafb0jM84KX5so= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.32.1/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.23.0 h1:Ubi7klJWiwEWqDY+odSVZiFA0aDSevOCXpa38yCSYu8= -sigs.k8s.io/controller-runtime v0.23.0/go.mod h1:DBOIr9NsprUqCZ1ZhsuJ0wAnQSIxY/C6VjZbmLgw0j0= +sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= +sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= @@ -514,7 +514,7 @@ sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1 h1:JrhdFMqOd/+3ByqlP2I45kTOZmTRLBUm5pvRjeheg7E= -sigs.k8s.io/structured-merge-diff/v6 v6.3.1/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 962fbe519..54f7d552e 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.eab5fb06 - - name: v1.30-alpha.eab5fb06 - version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + ref: v1.30-alpha.8a7ac6f6 + - name: v1.30-alpha.8a7ac6f6 + version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f repo: https://github.com/istio/istio branch: master - commit: eab5fb0686458842f328ff53f0d985ec1fa6df5e + commit: 8a7ac6f6b06cd450a7338db8f88463d9adb1e75f charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e/helm/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz diff --git a/resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag new file mode 100644 index 000000000..7b39d1834 --- /dev/null +++ b/resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag @@ -0,0 +1 @@ +eaff15337aeec368e3e452ce43da7a75 diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/Chart.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.eab5fb06/charts/base/Chart.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/Chart.yaml index a260720c9..cb3b785f0 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/README.md b/resources/v1.30-alpha.8a7ac6f6/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/README.md rename to resources/v1.30-alpha.8a7ac6f6/charts/base/README.md diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.8a7ac6f6/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/base/values.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/base/values.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/base/values.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/Chart.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.eab5fb06/charts/cni/Chart.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/Chart.yaml index 4a4ea7d1a..33ea9e5d8 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/README.md b/resources/v1.30-alpha.8a7ac6f6/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/README.md rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/README.md diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/cni/values.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.eab5fb06/charts/cni/values.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/cni/values.yaml index e44b543ce..b0b90b5ce 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/cni/values.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/Chart.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/Chart.yaml index 9d6a562c7..1b0136d7e 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/README.md b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/README.md rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/README.md diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/values.schema.json b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/values.schema.json rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.eab5fb06/charts/gateway/values.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/gateway/values.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/Chart.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/Chart.yaml index 07467202e..130c48442 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/README.md b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/README.md rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/README.md diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/istiod/values.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.eab5fb06/charts/istiod/values.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/istiod/values.yaml index a957f5147..a282440bf 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/istiod/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/Chart.yaml index 02278ab28..4c2e4d8df 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/values.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.eab5fb06/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/values.yaml index a957f5147..a282440bf 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/values.yaml @@ -254,7 +254,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/Chart.yaml index 321f30319..04dbf1ad3 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e +version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/README.md b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/README.md rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/daemonset.yaml similarity index 97% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/daemonset.yaml index 2c85867a0..cb5451a79 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/daemonset.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/daemonset.yaml @@ -52,6 +52,13 @@ spec: {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | trim | indent 8 }} +{{- end }} +{{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy }} +{{- end }} +{{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | trim | indent 8 }} {{- end }} containers: - name: istio-proxy diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/values.yaml b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/values.yaml similarity index 94% rename from resources/v1.30-alpha.eab5fb06/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/values.yaml index 3bb88b04c..b6f7fe1fe 100644 --- a/resources/v1.30-alpha.eab5fb06/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e + tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" @@ -144,3 +144,11 @@ _internal_defaults_do_not_set: rollingUpdate: maxSurge: 1 maxUnavailable: 0 + + # DNS policy for the ztunnel pod + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy + dnsPolicy: "" + + # DNS config for the ztunnel pod + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config + dnsConfig: {} diff --git a/resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag new file mode 100644 index 000000000..3bb680a36 --- /dev/null +++ b/resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag @@ -0,0 +1 @@ +54ede8472298749d433ad47dae5dfe99 diff --git a/resources/v1.30-alpha.8a7ac6f6/commit b/resources/v1.30-alpha.8a7ac6f6/commit new file mode 100644 index 000000000..2e9098f6c --- /dev/null +++ b/resources/v1.30-alpha.8a7ac6f6/commit @@ -0,0 +1 @@ +8a7ac6f6b06cd450a7338db8f88463d9adb1e75f diff --git a/resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag new file mode 100644 index 000000000..7d6325bc7 --- /dev/null +++ b/resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag @@ -0,0 +1 @@ +07176ec3fba33e43226282d351b20ab1 diff --git a/resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag new file mode 100644 index 000000000..d04d2896d --- /dev/null +++ b/resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag @@ -0,0 +1 @@ +c932eb2daad4c9c1828bc291464956ce diff --git a/resources/v1.30-alpha.eab5fb06/profiles/ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/default.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/default.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/default.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/demo.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/demo.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/demo.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/empty.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/empty.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/empty.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/openshift.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/openshift.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/preview.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/preview.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/preview.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/remote.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/remote.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/remote.yaml diff --git a/resources/v1.30-alpha.eab5fb06/profiles/stable.yaml b/resources/v1.30-alpha.8a7ac6f6/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.eab5fb06/profiles/stable.yaml rename to resources/v1.30-alpha.8a7ac6f6/profiles/stable.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag new file mode 100644 index 000000000..302aa604f --- /dev/null +++ b/resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag @@ -0,0 +1 @@ +d44ad5876d0bd532cbf4a80ca2528541 diff --git a/resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag deleted file mode 100644 index 154edac70..000000000 --- a/resources/v1.30-alpha.eab5fb06/base-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -9049d91323322c13b31b6fd8da9a9949 diff --git a/resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag deleted file mode 100644 index 6869b1243..000000000 --- a/resources/v1.30-alpha.eab5fb06/cni-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -21bea6b5a27bdbad224213dc30988a44 diff --git a/resources/v1.30-alpha.eab5fb06/commit b/resources/v1.30-alpha.eab5fb06/commit deleted file mode 100644 index eb8027778..000000000 --- a/resources/v1.30-alpha.eab5fb06/commit +++ /dev/null @@ -1 +0,0 @@ -eab5fb0686458842f328ff53f0d985ec1fa6df5e diff --git a/resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag deleted file mode 100644 index 8a88dd255..000000000 --- a/resources/v1.30-alpha.eab5fb06/gateway-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -cf981518fbce42ab22b62911b7b5b536 diff --git a/resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag deleted file mode 100644 index a4177bed3..000000000 --- a/resources/v1.30-alpha.eab5fb06/istiod-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -54250a3eef9b0cbefbbbab6ddc1d55ac diff --git a/resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag b/resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag deleted file mode 100644 index d7a83ad16..000000000 --- a/resources/v1.30-alpha.eab5fb06/ztunnel-1.30-alpha.eab5fb0686458842f328ff53f0d985ec1fa6df5e.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -8de3ffdaf56bbb1c057d58261cfecd2c From e05a1080ad14dc3c6aae951965b937b405d81be3 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Wed, 28 Jan 2026 00:25:42 -0500 Subject: [PATCH 14/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1549) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 8 +++--- .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 8 +++--- .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 4 +++ .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 7 +++-- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 7 +++-- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 + resources/v1.30-alpha.299edbbb/commit | 1 + ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 + ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 + ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 - ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 - resources/v1.30-alpha.8a7ac6f6/commit | 1 - ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 - ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 - ...6b06cd450a7338db8f88463d9adb1e75f.tgz.etag | 1 - 221 files changed, 110 insertions(+), 104 deletions(-) create mode 100644 resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/README.md (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/grpc-agent.yaml (97%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/injection-template.yaml (98%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/deployment.yaml (98%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag create mode 100644 resources/v1.30-alpha.299edbbb/commit create mode 100644 resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag create mode 100644 resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.8a7ac6f6 => v1.30-alpha.299edbbb}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag delete mode 100644 resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag delete mode 100644 resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag delete mode 100644 resources/v1.30-alpha.8a7ac6f6/commit delete mode 100644 resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag delete mode 100644 resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag delete mode 100644 resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 8602d52e8..05e0cdf1c 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.8a7ac6f6 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.299edbbb // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index e508306ee..4b6a2d476 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.8a7ac6f6 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.299edbbb // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index ce4a1b437..83d14fcc7 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.8a7ac6f6 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.299edbbb Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 22efbc46a..cf415fab0 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.8a7ac6f6 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.299edbbb // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 84c0057b3..23f4e4412 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.8a7ac6f6 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.299edbbb // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 412ec0263..cba28f47a 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-27T05:10:32Z" + createdAt: "2026-01-28T05:10:30Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.8a7ac6f6 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_8a7ac6f6.cni: gcr.io/istio-testing/install-cni:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f - images.v1_30-alpha_8a7ac6f6.istiod: gcr.io/istio-testing/pilot:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f - images.v1_30-alpha_8a7ac6f6.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f - images.v1_30-alpha_8a7ac6f6.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_299edbbb.cni: gcr.io/istio-testing/install-cni:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_299edbbb.istiod: gcr.io/istio-testing/pilot:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_299edbbb.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_299edbbb.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 31940c7e5..11268f1ae 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 7649d0412..789ee7802 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 1d7f4547f..ff8895d34 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 7cc977796..2bcd386bf 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 2f3a5860f..b1fcdbd80 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index bb58186f8..c41d343ef 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 2d6a631e8..2b2dad7d8 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 94ff5a7f9..f942b544d 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index a398b0655..d842fe2f6 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_8a7ac6f6.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f - images.v1_30-alpha_8a7ac6f6.istiod: gcr.io/istio-testing/pilot:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f - images.v1_30-alpha_8a7ac6f6.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f - images.v1_30-alpha_8a7ac6f6.cni: gcr.io/istio-testing/install-cni:1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + images.v1_30-alpha_299edbbb.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_299edbbb.istiod: gcr.io/istio-testing/pilot:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_299edbbb.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_299edbbb.cni: gcr.io/istio-testing/install-cni:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.8a7ac6f6 + - v1.30-alpha.299edbbb [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 45e5ff852..7d1e84417 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.8a7ac6f6] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.299edbbb] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.8a7ac6f6. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.8a7ac6f6] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.299edbbb] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.8a7ac6f6] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.299edbbb] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.8a7ac6f6] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.299edbbb] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.8a7ac6f6. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.8a7ac6f6] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.299edbbb] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index f32ed9fac..f49cdeaaf 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2 - istio.io/istio v0.0.0-20260127031141-8a7ac6f6b06c + istio.io/istio v0.0.0-20260128013542-299edbbb2a61 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index f6780c872..b9fb7a71e 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3 h1:S1MUMQKSCtP4p+Qn15 istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2 h1:LRVdFc7s8pXaLpVsPRzOOWareyixXwbAW/reLB3KR7M= istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2/go.mod h1:hYl9NytvyOGLcFT5ZPJwk+NiepyelwRwCZUYK7aavug= -istio.io/istio v0.0.0-20260127031141-8a7ac6f6b06c h1:pICc8n/Zz6fcDjU0+4N/Xv6115rt5D5iIjDe8uSkHOI= -istio.io/istio v0.0.0-20260127031141-8a7ac6f6b06c/go.mod h1:qgHT7zOGNgo0IMDEc+MGOtJvS/+XxNl5MTHvOZx0tsM= +istio.io/istio v0.0.0-20260128013542-299edbbb2a61 h1:KMopJA1pahmIbPUWcOLIZ+n4CkqG0SHNso3yWU24+qc= +istio.io/istio v0.0.0-20260128013542-299edbbb2a61/go.mod h1:VAnke99pvFQCN7/9Be8v4oI2jX/jWuP6bb6AZtVnb48= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 54f7d552e..986fde2f6 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.8a7ac6f6 - - name: v1.30-alpha.8a7ac6f6 - version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + ref: v1.30-alpha.299edbbb + - name: v1.30-alpha.299edbbb + version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 repo: https://github.com/istio/istio branch: master - commit: 8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + commit: 299edbbb2a6147edf0e6172b55988bdd60052f67 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f/helm/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz diff --git a/resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag new file mode 100644 index 000000000..0802d8ff6 --- /dev/null +++ b/resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag @@ -0,0 +1 @@ +69b652227b2af5b0058a17340a7ab357 diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/Chart.yaml b/resources/v1.30-alpha.299edbbb/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/Chart.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/Chart.yaml index cb3b785f0..f13841910 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/README.md b/resources/v1.30-alpha.299edbbb/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/README.md rename to resources/v1.30-alpha.299edbbb/charts/base/README.md diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.299edbbb/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.299edbbb/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.299edbbb/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.299edbbb/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.299edbbb/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/base/values.yaml b/resources/v1.30-alpha.299edbbb/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/base/values.yaml rename to resources/v1.30-alpha.299edbbb/charts/base/values.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/Chart.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/Chart.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/Chart.yaml index 33ea9e5d8..e67a323db 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/README.md b/resources/v1.30-alpha.299edbbb/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/README.md rename to resources/v1.30-alpha.299edbbb/charts/cni/README.md diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.299edbbb/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.299edbbb/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/cni/values.yaml b/resources/v1.30-alpha.299edbbb/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.8a7ac6f6/charts/cni/values.yaml rename to resources/v1.30-alpha.299edbbb/charts/cni/values.yaml index b0b90b5ce..2641989e9 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/cni/values.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/cni/values.yaml @@ -153,7 +153,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/Chart.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/Chart.yaml index 1b0136d7e..2cce9a9a8 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/README.md b/resources/v1.30-alpha.299edbbb/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/README.md rename to resources/v1.30-alpha.299edbbb/charts/gateway/README.md diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.schema.json b/resources/v1.30-alpha.299edbbb/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.schema.json rename to resources/v1.30-alpha.299edbbb/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.yaml b/resources/v1.30-alpha.299edbbb/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/gateway/values.yaml rename to resources/v1.30-alpha.299edbbb/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/Chart.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/Chart.yaml index 130c48442..00faa8aad 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/README.md b/resources/v1.30-alpha.299edbbb/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/README.md rename to resources/v1.30-alpha.299edbbb/charts/istiod/README.md diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-agent.yaml similarity index 97% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-agent.yaml index 6e3102e4c..3b9240e36 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-agent.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-agent.yaml @@ -3,19 +3,19 @@ {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} requests: {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} {{ end }} {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} {{ end }} {{- end }} {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} limits: {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} {{ end }} {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} {{ end }} {{- end }} {{- else }} diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/injection-template.yaml similarity index 98% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/injection-template.yaml index 39210a5e2..82ef16717 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/injection-template.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/istiod/files/injection-template.yaml @@ -3,19 +3,19 @@ {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} requests: {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} {{ end }} {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} {{ end }} {{- end }} {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} limits: {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} {{ end }} {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} {{ end }} {{- end }} {{- else }} diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/deployment.yaml similarity index 98% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/deployment.yaml index 455c0ab98..da975afd5 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/deployment.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/deployment.yaml @@ -190,6 +190,10 @@ spec: - name: PILOT_TRACE_SAMPLING value: "{{ .Values.traceSampling }}" {{- end }} +{{- if .Values.taint.enabled }} + - name: PILOT_ENABLE_NODE_UNTAINT_CONTROLLERS + value: "true" +{{- end }} # If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then # don't set it here to avoid duplication. # TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/values.yaml b/resources/v1.30-alpha.299edbbb/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.8a7ac6f6/charts/istiod/values.yaml rename to resources/v1.30-alpha.299edbbb/charts/istiod/values.yaml index a282440bf..84a34eb40 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/istiod/values.yaml @@ -43,6 +43,7 @@ _internal_defaults_do_not_set: # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes taint: # Controls whether or not the untaint controller is active + # When enabled, this automatically sets PILOT_ENABLE_NODE_UNTAINT_CONTROLLERS environment variable to true in the istiod deployment. enabled: false # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod namespace: "" @@ -254,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" @@ -367,7 +368,7 @@ _internal_defaults_do_not_set: #If set to true, istio-proxy container will have privileged securityContext privileged: false - + seccompProfile: {} # The number of successive failed probes before indicating readiness failure. @@ -571,7 +572,7 @@ _internal_defaults_do_not_set: # type: ClusterIP # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. gatewayClasses: {} - + pdb: # -- Minimum available pods set in PodDisruptionBudget. # Define either 'minAvailable' or 'maxUnavailable', never both. diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/Chart.yaml index 4c2e4d8df..f002d09ca 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/values.yaml b/resources/v1.30-alpha.299edbbb/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.299edbbb/charts/revisiontags/values.yaml index a282440bf..84a34eb40 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/revisiontags/values.yaml @@ -43,6 +43,7 @@ _internal_defaults_do_not_set: # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes taint: # Controls whether or not the untaint controller is active + # When enabled, this automatically sets PILOT_ENABLE_NODE_UNTAINT_CONTROLLERS environment variable to true in the istiod deployment. enabled: false # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod namespace: "" @@ -254,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" @@ -367,7 +368,7 @@ _internal_defaults_do_not_set: #If set to true, istio-proxy container will have privileged securityContext privileged: false - + seccompProfile: {} # The number of successive failed probes before indicating readiness failure. @@ -571,7 +572,7 @@ _internal_defaults_do_not_set: # type: ClusterIP # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. gatewayClasses: {} - + pdb: # -- Minimum available pods set in PodDisruptionBudget. # Define either 'minAvailable' or 'maxUnavailable', never both. diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/Chart.yaml index 04dbf1ad3..171dbf025 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f +version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/README.md b/resources/v1.30-alpha.299edbbb/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/README.md rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/values.yaml b/resources/v1.30-alpha.299edbbb/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.299edbbb/charts/ztunnel/values.yaml index b6f7fe1fe..29c8129bd 100644 --- a/resources/v1.30-alpha.8a7ac6f6/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.299edbbb/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f + tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag new file mode 100644 index 000000000..8596d1abf --- /dev/null +++ b/resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag @@ -0,0 +1 @@ +cb76b5ed1c402be1c6d4a0cf65a2f05c diff --git a/resources/v1.30-alpha.299edbbb/commit b/resources/v1.30-alpha.299edbbb/commit new file mode 100644 index 000000000..b1dadf910 --- /dev/null +++ b/resources/v1.30-alpha.299edbbb/commit @@ -0,0 +1 @@ +299edbbb2a6147edf0e6172b55988bdd60052f67 diff --git a/resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag new file mode 100644 index 000000000..fd4bb1bc3 --- /dev/null +++ b/resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag @@ -0,0 +1 @@ +a1320e9cbcb6f6cb74de3e3d17a45180 diff --git a/resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag new file mode 100644 index 000000000..1f82225e2 --- /dev/null +++ b/resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag @@ -0,0 +1 @@ +94869e6c06aeecd09e619c16364afd19 diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/ambient.yaml b/resources/v1.30-alpha.299edbbb/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/ambient.yaml rename to resources/v1.30-alpha.299edbbb/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/default.yaml b/resources/v1.30-alpha.299edbbb/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/default.yaml rename to resources/v1.30-alpha.299edbbb/profiles/default.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/demo.yaml b/resources/v1.30-alpha.299edbbb/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/demo.yaml rename to resources/v1.30-alpha.299edbbb/profiles/demo.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/empty.yaml b/resources/v1.30-alpha.299edbbb/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/empty.yaml rename to resources/v1.30-alpha.299edbbb/profiles/empty.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.299edbbb/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.299edbbb/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/openshift.yaml b/resources/v1.30-alpha.299edbbb/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/openshift.yaml rename to resources/v1.30-alpha.299edbbb/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/preview.yaml b/resources/v1.30-alpha.299edbbb/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/preview.yaml rename to resources/v1.30-alpha.299edbbb/profiles/preview.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/remote.yaml b/resources/v1.30-alpha.299edbbb/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/remote.yaml rename to resources/v1.30-alpha.299edbbb/profiles/remote.yaml diff --git a/resources/v1.30-alpha.8a7ac6f6/profiles/stable.yaml b/resources/v1.30-alpha.299edbbb/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.8a7ac6f6/profiles/stable.yaml rename to resources/v1.30-alpha.299edbbb/profiles/stable.yaml diff --git a/resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag new file mode 100644 index 000000000..d90369a99 --- /dev/null +++ b/resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag @@ -0,0 +1 @@ +7de7bf5ce2bf51d3acef212b10499b37 diff --git a/resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag deleted file mode 100644 index 7b39d1834..000000000 --- a/resources/v1.30-alpha.8a7ac6f6/base-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -eaff15337aeec368e3e452ce43da7a75 diff --git a/resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag deleted file mode 100644 index 3bb680a36..000000000 --- a/resources/v1.30-alpha.8a7ac6f6/cni-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -54ede8472298749d433ad47dae5dfe99 diff --git a/resources/v1.30-alpha.8a7ac6f6/commit b/resources/v1.30-alpha.8a7ac6f6/commit deleted file mode 100644 index 2e9098f6c..000000000 --- a/resources/v1.30-alpha.8a7ac6f6/commit +++ /dev/null @@ -1 +0,0 @@ -8a7ac6f6b06cd450a7338db8f88463d9adb1e75f diff --git a/resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag deleted file mode 100644 index 7d6325bc7..000000000 --- a/resources/v1.30-alpha.8a7ac6f6/gateway-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -07176ec3fba33e43226282d351b20ab1 diff --git a/resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag deleted file mode 100644 index d04d2896d..000000000 --- a/resources/v1.30-alpha.8a7ac6f6/istiod-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c932eb2daad4c9c1828bc291464956ce diff --git a/resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag b/resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag deleted file mode 100644 index 302aa604f..000000000 --- a/resources/v1.30-alpha.8a7ac6f6/ztunnel-1.30-alpha.8a7ac6f6b06cd450a7338db8f88463d9adb1e75f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -d44ad5876d0bd532cbf4a80ca2528541 From 6e1e7e43b8de302e7acb402236134de9ae1c1a3c Mon Sep 17 00:00:00 2001 From: Rafael Zago Date: Thu, 29 Jan 2026 01:41:44 -0300 Subject: [PATCH 15/40] docs: Add comprehensive Istio Ambient Mode update and waypoint proxy procedures (#1279) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * docs: Add comprehensive Istio Ambient Mode update and waypoint procedures Add detailed documentation for updating Istio in ambient mode: - New istio-ambient-update.adoc with complete update procedures - Updated istio-ambient-mode.adoc with Update section reference - Updated istio-ambient-waypoint.adoc with waypoint update procedures - Updated docs/README.adoc with navigation links Covers both InPlace and RevisionBased update strategies, including: - Understanding versioning and update process - Control plane, IstioCNI, and ZTunnel component updates - Waypoint proxy management and compatibility - Special considerations for ambient mode upgrades - Troubleshooting guidance for common issues Signed-off-by: Rafael Zago * docs: eliminate duplication between update strategy and ambient update docs Addressed documentation duplication by making update-strategy.adoc the single source of truth for strategy concepts while keeping istio-ambient-update.adoc focused on ambient-specific procedures. Changes to docs/update-strategy/update-strategy.adoc: - Added new 'Understanding Versioning' section explaining semantic versioning (X.Y.Z format with major/minor/patch definitions) - Added note clarifying that InPlace and RevisionBased strategies apply to both sidecar and ambient modes - Added cross-reference to istio-ambient-update.adoc for ambient-specific update procedures - Updated table of contents to include new versioning section Changes to docs/common/istio-ambient-update.adoc: - Replaced full 'Understanding versioning' section with reference to update-strategy.adoc#understanding-versioning - Replaced 'About Istio update process' section with streamlined 'Selecting an Update Strategy' section that references the general strategy doc - Refactored 'About InPlace strategy' to 'Updating with InPlace Strategy' with reference to general strategy doc + ambient-specific considerations - Refactored 'About RevisionBased strategy' to 'Updating with RevisionBased Strategy' with reference to general strategy doc + ambient-specific considerations - Enhanced intro section to highlight key ambient mode differences upfront - Kept all unique ambient content: IstioCNI, ZTunnel, Waypoint proxy updates, special considerations, and troubleshooting Changes to docs/README.adoc: - Updated anchor links for ambient update doc sections: - #about-inplace-strategy → #updating-with-inplace-strategy - #about-revisionbased-strategy → #updating-with-revisionbased-strategy Result: Both documents remain, no duplication, clear separation of concerns, and bidirectional cross-references for better navigation. Signed-off-by: Rafael Zago * docs: simplify waypoint proxy verification procedures Streamlined the Layer 7 features verification section by removing redundant resource listing steps: - Removed 'Check HTTPRoute resources' step before testing traffic distribution (users can directly test traffic instead of listing resources first) - Removed 'Check AuthorizationPolicy resources' step before testing policy enforcement (users can directly test enforcement instead of listing first) These changes make the verification process more direct and actionable by focusing on actual testing rather than resource inspection. Users who need to inspect resources can still use kubectl get commands independently. Also added newline at end of file. Signed-off-by: Rafael Zago * docs: Add automation test tags to ambient mode documentation Add proper test tags (subs="attributes+" and name attributes) to code blocks in ambient mode documentation files to enable automated documentation testing, following the pattern established in update-strategy.adoc. Changes to docs/common/istio-ambient-update.adoc: - Added test tags for InPlace strategy: ambient-inplace-update-strategy - Added test tags for RevisionBased strategy: ambient-revision-based-strategy - Added test tags for rollback procedure: ambient-revision-rollback - Added test tags for IstioCNI update: ambient-update-istiocni - Added test tags for ZTunnel update: ambient-update-ztunnel - Added test tags for workload verification: ambient-verify-workloads - Added test tags for waypoint update: ambient-update-waypoint Changes to docs/common/istio-ambient-waypoint.adoc: - Added test tags for prerequisites: ambient-waypoint-prerequisites - Added test tags for waypoint deployment: ambient-waypoint-deploy - Added test tags for cross-namespace deployment: ambient-waypoint-crossns-deploy - Added test tags for InPlace updates: ambient-waypoint-update-inplace - Added test tags for RevisionBased updates: ambient-waypoint-update-revisionbased - Added test tags for L7 verification: ambient-waypoint-verify-l7 - Added test tags for cross-namespace updates: ambient-waypoint-crossns-update - Added test tags for L7 features: ambient-waypoint-l7-features - Added test tags for cleanup: ambient-waypoint-cleanup Addresses PR feedback from https://github.com/istio-ecosystem/sail-operator/pull/1279 requesting proper automation test tags for upstream documentation. Signed-off-by: Rafael Zago * docs: consolidate IstioCNI update documentation Merged the "About the Istio CNI update process" section into the "Updating IstioCNI" section to eliminate duplication and improve documentation flow. Changes: - Enhanced "Updating IstioCNI" section with conceptual explanation of in-place updates and daemonset behavior - Added spec.version field documentation and format guidance - Included notes about RevisionBased compatibility - Removed duplicate "About the Istio CNI update process" section - All procedural content preserved Addresses reviewer feedback from PR #1279 to club duplicate sections into a single comprehensive IstioCNI update guide. Signed-off-by: Rafael Zago * docs: simplify InPlace strategy steps and add inline IstioCNI/ZTunnel update instructions - Streamlined control plane update steps by combining redundant verification steps - Removed separate monitoring and pod status checks (steps 2, 5, 6) - Consolidated verification into a single step with optional log checking - Added inline summary for IstioCNI and ZTunnel updates for completeness - Maintained reference to detailed procedures in Common Update Procedures section Addresses feedback to reduce redundant steps while providing complete upgrade instructions for all ambient components in the InPlace strategy. Signed-off-by: Rafael Zago * docs: Removing the recreation reference for istio ambient mode update Signed-off-by: Rafael Zago * docs: Removing ztunnel reference of supporting multiple control plane versions Signed-off-by: Rafael Zago * docs: consolidate ambient mode update documentation Eliminate duplication between README.adoc, update-strategy.adoc, and istio-ambient-update.adoc while preserving all doc tests and ambient-specific content. Changes: - Simplified README.adoc ambient update section to single link - Enhanced update-strategy.adoc with prominent ambient mode note - Streamlined istio-ambient-update.adoc to reference main update strategy docs for InPlace/RevisionBased explanations - Preserved all 44 ambient-specific doc test markers - Kept detailed ambient-specific procedures (IstioCNI, ZTunnel, Waypoint) The documentation now follows a cleaner structure with minimal duplication while maintaining comprehensive ambient mode guidance. Signed-off-by: Rafael Zago * docs: clarify RevisionBased update limitations in ambient mode Update documentation to accurately reflect that RevisionBased update strategy has significant limitations when used with Istio ambient mode: - Only one ztunnel instance can run cluster-wide at any time - Manual CRD synchronization required between Istio and ZTunnel revisions - Ztunnel must be manually reconfigured to point to appropriate control plane Changes made: - Add prominent warnings in both istio-ambient-mode.adoc and istio-ambient-update.adoc recommending InPlace strategy for ambient mode - Correct misleading statements suggesting ztunnel can communicate with multiple control plane versions simultaneously - Add detailed explanation of limitations in RevisionBased strategy section - Update strategy selection guidance to clearly indicate InPlace as recommended approach for ambient deployments This addresses feedback that the previous documentation incorrectly suggested RevisionBased updates work seamlessly with ambient mode. Signed-off-by: Rafael Zago * docs: clarify HA limitations during ambient mode InPlace upgrades Update the ambient mode upgrade documentation to accurately reflect that running multiple replicas of istiod helps minimize but does not completely eliminate the possibility of brief traffic disruption during InPlace control plane upgrades. Changes: - Updated InPlace strategy section to clarify that HA mode minimizes but doesn't eliminate downtime risk - Added reference to upstream Istio ambient upgrade documentation - Updated tip and recommendations sections with accurate HA limitations This addresses feedback from contributor review pointing to upstream Istio documentation that confirms even with multiple replicas, some brief downtime may still occur during ambient mode upgrades. Signed-off-by: Rafael Zago * docs: Fix AsciiDoc list numbering in waypoint documentation Add list continuation markers (+) before code blocks within numbered lists to prevent list numbering from restarting at 1 after each code block. Fixed sections: - InPlace Strategy: Added 2 continuation markers - RevisionBased Strategy: Added 3 continuation markers - Cross-namespace Waypoint Updates: Added 2 continuation markers This ensures numbered lists render correctly with sequential numbering (1, 2, 3) instead of (1, 1, 1). Signed-off-by: Rafael Zago * docs: Fix AsciiDoc formatting in istio-ambient-update.adoc Add blank line after bold text to ensure proper rendering of bullet list in the Troubleshooting Common Issues section. Signed-off-by: Rafael Zago * docs: Clarify that bookinfo is used as example in ambient verification Add a NOTE to the 'Verifying Ambient Workloads' section explaining that the examples use the bookinfo sample application and that users should adapt the steps to their own applications. Signed-off-by: Rafael Zago * docs: Move IstioCNI update procedure to main README - Add new 'Updating Components' section to README.md with detailed IstioCNI update procedures - Replace detailed content in istio-ambient-update.adoc with reference link to README - Update internal references throughout ambient update documentation This improves discoverability of the IstioCNI update procedure by placing it in the main README while maintaining proper cross-references in the detailed ambient mode documentation. Signed-off-by: Rafael Zago * docs: use generic namespace placeholder in ambient update guide Replace hardcoded 'bookinfo' namespace with '' placeholder in kubectl rollout commands to make the documentation more reusable and clearly indicate to users that they should substitute their own namespace. Changes: - kubectl rollout restart deployment -n - kubectl rollout status deployment -n This aligns with the existing note that bookinfo is just an example. Signed-off-by: Rafael Zago * docs: Add version compatibility guidance for waypoint proxies Add clarification in the RevisionBased strategy section about recommended version compatibility between waypoint proxies and control plane. Documents that waypoint proxies should be kept within one minor version (n or n-1) of the control plane, following Istio's general support policy. This addresses questions about version compatibility recommendations similar to those provided for CNI components. Signed-off-by: Rafael Zago * docs: Fix missing cross-reference link for waypoint proxies section Replace plain text reference with proper AsciiDoc cross-reference link to the 'Updating Waypoint Proxies (If Deployed)' section in the ambient mode update documentation. Signed-off-by: Rafael Zago * docs: Add example log output for waypoint proxy istiod connection verification Add real-world example output to kubectl logs commands in the ambient waypoint documentation to help users understand what they should expect to see when verifying their waypoint proxy is properly connected to the control plane. Examples show: - InPlace strategy: Connection to standard istiod service - RevisionBased strategy: Connection to revision-specific istiod service This addresses the contributor feedback requesting example output for better user guidance. Signed-off-by: Rafael Zago * docs: Replace kubectl logs with istioctl proxy-status for waypoint verification Update waypoint proxy verification steps to use istioctl proxy-status instead of kubectl logs for more reliable connection verification. Changes: - Replace log-based verification with istioctl proxy-status command - Add example outputs showing correct column format - Provide explanations of output fields (CDS, LDS, EDS, RDS, ISTIOD, VERSION) - Update both InPlace and RevisionBased strategy sections The istioctl proxy-status command queries the control plane directly, providing accurate synchronization status and connected istiod information. Addresses PR feedback requesting more reliable verification method and example outputs to help users understand expected results. Signed-off-by: Rafael Zago * docs: enhance traffic routing verification section with examples Improve the L7 Feature Verification section for traffic routing by: - Adding reference to the existing Traffic Routing section example - Providing detailed explanation of the test command - Including sample output showing expected traffic distribution (90/10 split) - Adding interpretive guidance to help users understand results This addresses contributor feedback requesting more context and expected outputs for HTTPRoute traffic distribution testing. Signed-off-by: rzago Signed-off-by: Rafael Zago * docs: Improve L7 authorization policy verification section Add comprehensive context and test cases for verifying L7 authorization policies enforced by waypoint proxies. This enhancement addresses contributor feedback requesting better examples and clearer expectations. Changes: - Add introductory context explaining the productpage-waypoint policy - Include test case for denied access (ratings service) - Add test case for allowed access (curl service) - Provide expected outputs for both scenarios - Explain why each test succeeds or fails This helps users verify that waypoint proxies correctly enforce L7 authorization rules during and after updates. Signed-off-by: Rafael Zago * docs: clarify waypoint proxy update behavior in RevisionBased strategy - Mark step 3 as optional to indicate manual updates are not always required - Add Option A (Recommended): restart waypoint pods using kubectl rollout restart - Keep existing patch command as Option B for explicit version pinning - Document that waypoint proxies automatically use correct proxy version when reconnecting to new control plane revision - Add NOTE explaining when manual image patching is actually necessary - Addresses feedback about automatic update behavior and restart alternative This clarifies the confusion around when manual waypoint proxy updates are needed versus the automatic behavior during RevisionBased control plane updates. Signed-off-by: Rafael Zago * docs: remove node cordoning recommendation from ambient upgrades Remove the recommendation about using node cordoning and blue/green node pools from the ambient mode upgrade documentation until a proper solution is identified. Signed-off-by: Rafael Zago * docs(ambient): clarify revision sync wording, drop unnecessary restarts, add IstioCNI/ZTunnel prereqs - Rephrase "Manual CRD Synchronization" to "Manual Configuration Synchronization" (revision name sync between Istio and ZTunnel resources) - Remove restart rollout/status steps not needed in ambient - Add IstioCNI and ZTunnel prereqs for InPlace and RevisionBased sections Signed-off-by: Rafael Zago * docs: Addressing comments for the ambient mode update Signed-off-by: Rafael Zago * docs: add ifdef blocks for waypoint proxy doc tests Signed-off-by: Rafael Zago * docs: clarify IstioCNI version compatibility range for RevisionBased strategy This update adds clarification about the IstioCNI version compatibility range during RevisionBased upgrades. The documentation now specifies that IstioCNI generally supports n-1 to n+1 minor versions, helping users understand the version compatibility window when managing control plane upgrades in ambient mode. Signed-off-by: Rafael Zago * docs: fix ambient waypoint tests by consolidating into e2e test The ambient waypoint documentation tests were failing in CI because they were split into 9 separate test blocks that each assumed Istio ambient mode, IstioCNI, ZTunnel, and bookinfo were already set up. This commit replaces the 9 individual test blocks with a single comprehensive end-to-end test that includes: - Phase 1: Prerequisites and Setup (Gateway API, namespaces, Istio, IstioCNI, ZTunnel, bookinfo application) - Phase 2: Waypoint Proxy Testing (deployment, enrollment, verification) - Phase 3: L7 Features Testing (HTTPRoute, AuthorizationPolicy) - Phase 4: Cleanup (complete removal of all resources) The new test is self-contained and includes all required prerequisites, ensuring it can run successfully in the docs-test CI job. Fixes: CI docs-test failure Related: commit 6a77ef5d (docs: add ifdef blocks for waypoint proxy doc tests) Signed-off-by: Rafael Zago * docs: Remove test automation from ambient mode documentation Remove all ifdef blocks and name attributes from the ambient mode documentation files to fix the docs-test CI job failures. The documentation test structure was incorrectly implemented with: - ifdef blocks containing complete setup/test/cleanup scripts instead of just validation steps - Multiple name attributes that didn't properly correspond to ifdef blocks - Test automation structure that didn't follow the documentation testing guidelines The documentation remains complete and fully functional for users. All code examples are still visible and properly formatted. Test automation will be properly implemented in a separate PR with correct structure. Files modified: - docs/common/istio-ambient-waypoint.adoc: Removed ifdef::ambient-waypoint-e2e[] block (237 lines) and all name attributes from code blocks - docs/common/istio-ambient-update.adoc: Removed all name attributes from code blocks This change allows the docs-test job to pass while preserving all documentation content and functionality. Signed-off-by: Rafael Zago * chore: Removing unecessary comments on istio ambient waypoint doc Signed-off-by: Rafael Zago * chore: Removing unecessary empty lines Signed-off-by: Rafael Zago * chore: remove unnecessary empty lines Remove trailing blank lines from istio-ambient-waypoint.adoc documentation file. These empty lines were unnecessary formatting artifacts that cluttered the documentation. Signed-off-by: Rafael Zago * docs: merge ambient update content into update-strategy.adoc - Integrate ambient-specific notes within InPlace and RevisionBased sections - Add new 'Updating Ambient Mode Components' section for IstioCNI, ZTunnel, and Waypoint procedures - Remove separate istio-ambient-update.adoc file - Update cross-references in istio-ambient-mode.adoc and README.adoc Signed-off-by: Rafael Zago * docs: remove RevisionBased strategy for ambient mode RevisionBased updates are not supported for ambient mode because: - Only one ztunnel instance can run in the cluster - Manual revision sync between Istio and ZTunnel CRDs would be required Update introduction to clarify only InPlace is supported for ambient. Keep RevisionBased content intact for sidecar mode. Signed-off-by: Rafael Zago * docs: replace hardcoded Istio versions with AsciiDoc variables Replace hardcoded version numbers with variables to ensure docs stay up-to-date automatically: - istio-ambient-waypoint.adoc: replace 1.26.4 with {istio_latest_version} - migration.adoc: add variables header, replace v1.27.0 - istio-ambient-mode.adoc: replace ztunnel image tag Minimum version requirements (1.24.0) left unchanged as they are historical facts, not dynamic values. Signed-off-by: Rafael Zago * docs: remove duplicate update procedures from README Update procedures are now consolidated in docs/update-strategy/update-strategy.adoc. Remove IstioCNI update section and reference to deleted istio-ambient-update.adoc. Signed-off-by: Rafael Zago * docs: fix technical inaccuracies in ambient update documentation - Clarify that ztunnel maintains xDS connections to istiod, not application workloads directly - Update connection reset behavior: existing long-lived TCP connections reset after grace period during ztunnel upgrade - Add recommendation for node cordoning or blue/green node pools for production upgrades Signed-off-by: Rafael Zago * docs: add component version compatibility statement to README Signed-off-by: Rafael Zago * docs: improve RevisionBased strategy description wording Signed-off-by: Rafael Zago * docs: revert InPlace description to original upstream text The statement about not needing pod restarts is only accurate for ambient mode. In sidecar mode, pod restarts are still needed to inject the new sidecar version. Signed-off-by: Rafael Zago Signed-off-by: Rafael Zago * docs: clarify ambient mode update strategy and CNI version compatibility - Change InPlace from "only supported" to "recommended" for ambient mode - Clarify RevisionBased limitation: requires manual effort to sync revisions - Add CNI version compatibility explanation per upstream docs - Add IstioCNI to Version Skew section Signed-off-by: Rafael Zago * docs: clarify ambient mode update strategy and CNI version compatibility Update ambient mode documentation to clearly state that only InPlace strategy is supported. Replace "recommended" with "supported" and improve technical explanation by referencing ZTunnel's singleton architecture instead of vague "manual effort" language. Remove RevisionBased strategy documentation from waypoint proxy procedures to eliminate confusion. Signed-off-by: Rafael Zago --------- Signed-off-by: Rafael Zago Signed-off-by: rzago Signed-off-by: Rafael Zago --- README.md | 8 +- docs/README.adoc | 8 +- docs/common/istio-ambient-mode.adoc | 21 ++- docs/common/istio-ambient-waypoint.adoc | 114 ++++++++++++- .../migration.adoc | 14 +- docs/update-strategy/update-strategy.adoc | 154 ++++++++++++++++-- 6 files changed, 295 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 0521e3190..6266a52e4 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ spec: ## Getting Started -You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster. +You’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster. **Note:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows). ### Quick start using a local KIND cluster @@ -205,7 +205,7 @@ kubectl get istiocni default kubectl get ztunnel default ``` -**Note** - The version can be specified by modifying the `version` field within `Istio` and `IstioCNI` manifests. +**Note** - The version can be specified by modifying the `version` field within `Istio` and `IstioCNI` manifests. For other deployment options, refer to the [docs](docs) directory. ### Undeploying the operator @@ -326,6 +326,10 @@ Not all Istio patch versions will be included in Sail Operator releases. Some ma When an Istio release is out of support, the corresponding Sail Operator release will be out of support as well. +### Component Version Compatibility + +When running multiple Istio components (control plane, IstioCNI, ZTunnel), each component at version `1.x` is generally compatible with other components at versions `1.x-1`, `1.x`, and `1.x+1`. This allows for rolling upgrades where components can temporarily run at different minor versions. For best results, keep all components at the same version and follow the recommended update order: control plane first, then IstioCNI, then ZTunnel. + > [!NOTE] > The first stable 1.0 release did not follow this versioning strategy but subsequent releases will. diff --git a/docs/README.adoc b/docs/README.adoc index fb5ad1a78..6e459da23 100644 --- a/docs/README.adoc +++ b/docs/README.adoc @@ -71,9 +71,11 @@ link:../[Return to Project Root] ** link:common/istio-ambient-mode.adoc#visualize-the-application-using-kiali-dashboard[Visualize the application using Kiali dashboard] ** link:common/istio-ambient-mode.adoc#troubleshoot-issues[Troubleshoot issues] ** link:common/istio-ambient-mode.adoc#cleanup[Cleanup] +* link:update-strategy/update-strategy.adoc#updating-ambient-components[Updating Ambient Mode Components] * link:common/istio-ambient-waypoint.adoc#introduction-to-istio-waypoint-proxy[Introduction to Istio Waypoint Proxy] ** link:common/istio-ambient-waypoint.adoc#core-features[Core features] ** link:common/istio-ambient-waypoint.adoc#getting-started[Getting Started] +** link:common/istio-ambient-waypoint.adoc#update[Update] ** link:common/istio-ambient-waypoint.adoc#layer-7-features-in-ambient-mode[Layer 7 Features in Ambient Mode] ** link:common/istio-ambient-waypoint.adoc#troubleshoot-issues[Troubleshoot issues] ** link:common/istio-ambient-waypoint.adoc#cleanup[Cleanup] @@ -107,7 +109,7 @@ link:../[Return to Project Root] Sail Operator manages the lifecycle of your Istio control planes. Instead of creating a new configuration schema, Sail Operator APIs are built around Istio's helm chart APIs. All installation and configuration options that are exposed by Istio's helm charts are available through the Sail Operator CRDs' `values` fields. -Similar to using Istio's Helm charts, the final set of values used to render the charts is determined by a combination of user-provided values, default chart values, and values from selected profiles. +Similar to using Istio's Helm charts, the final set of values used to render the charts is determined by a combination of user-provided values, default chart values, and values from selected profiles. These profiles can include the user-defined profile, the platform profile, and the compatibility version profile. To view the final set of values, inspect the ConfigMap named `values` (or `values-`) in the namespace where the control plane is installed. @@ -141,7 +143,7 @@ Note: If you need a specific Istio version, you can explicitly set it using `spe Istio uses a ConfigMap for its global configuration, called the MeshConfig. All of its settings are available through `spec.meshConfig`. -To support canary updates of the control plane, Sail Operator includes support for multiple Istio versions. You can select a version by setting the `version` field in the `spec` to the version you would like to install, prefixed with a `v`. You can then update to a new version just by changing this field. An `vX.Y-latest` alias can be used for the latest z/patch versions of each supported y/minor versions. As per the example above, `{istio_latest_tag}` can be specified in the `version` field. By doing so, the operator will keep the istio version with the latest `z` version of the same `y` version. +To support canary updates of the control plane, Sail Operator includes support for multiple Istio versions. You can select a version by setting the `version` field in the `spec` to the version you would like to install, prefixed with a `v`. You can then update to a new version just by changing this field. An `vX.Y-latest` alias can be used for the latest z/patch versions of each supported y/minor versions. As per the example above, `{istio_latest_tag}` can be specified in the `version` field. By doing so, the operator will keep the istio version with the latest `z` version of the same `y` version. Sail Operator supports two different update strategies for your control planes: `InPlace` and `RevisionBased`. When using `InPlace`, the operator will immediately replace your existing control plane resources with the ones for the new version, whereas `RevisionBased` uses Istio's canary update mechanism by creating a second control plane to which you can migrate your workloads to complete the update. @@ -203,7 +205,7 @@ If you need a specific Istio version, you can explicitly set it using `spec.vers [#updating-the-istiocni-resource] ==== Updating the IstioCNI resource -Updates for the `IstioCNI` resource are `Inplace` updates, this means that the `DaemonSet` will be updated with the new version of the CNI plugin once the resource is updated and the `istio-cni-node` pods are going to be replaced with the new version. +Updates for the `IstioCNI` resource are `Inplace` updates, this means that the `DaemonSet` will be updated with the new version of the CNI plugin once the resource is updated and the `istio-cni-node` pods are going to be replaced with the new version. To update the CNI plugin, just change the `version` field to the version you want to install. Just like the `Istio` resource, it also has a `values` field that exposes all of the options provided in the `istio-cni` chart: . Create the `IstioCNI` resource. diff --git a/docs/common/istio-ambient-mode.adoc b/docs/common/istio-ambient-mode.adoc index 4f1171408..58dfea7b2 100644 --- a/docs/common/istio-ambient-mode.adoc +++ b/docs/common/istio-ambient-mode.adoc @@ -21,6 +21,7 @@ link:../README.adoc[Return to Project Root] *** <> ** <> ** <> +** <> ** <> [[introduction-to-istio-ambient-mode]] @@ -59,7 +60,7 @@ spec: namespace: ztunnel values: ztunnel: - image: docker.io/istio/ztunnel:1.24.0 + image: docker.io/istio/ztunnel:{istio_latest_version} ---- NOTE: If you need a specific Istio version, you can explicitly set it using `spec.version`. If not specified, the Operator will install the latest supported version. @@ -100,7 +101,7 @@ kubectl create namespace istio-system kubectl label namespace istio-system istio-discovery=enabled ---- -. Create the `Istio` resource. +. Create the `Istio` resource. + NOTE: The Istio resource `.spec.values.pilot.trustedZtunnelNamespace` value should match the namespace that we will install a `ZTunnel` resource at. + @@ -346,7 +347,7 @@ Next, click and select `Show Badges`, `Security` from the `Display` drop-down. Y image::images/kiali-security.png[Kiali Security] -In the https://kiali.io/docs/features/ambient/[Kiali documentation] there is a list of all the Ambient features. +In the https://kiali.io/docs/features/ambient/[Kiali documentation] there is a list of all the Ambient features. [[troubleshoot-issues]] === Troubleshoot issues @@ -398,6 +399,20 @@ kubectl -n ztunnel logs -l app=ztunnel | grep -E "inbound|outbound" Validate the `src.identity` and `dst.identity` values are correct. They are the identities used for the mTLS communication among the source and destination workloads. +[[update]] +== Update + +For detailed information on updating Istio when deployed in ambient mode, see link:../update-strategy/update-strategy.adoc#update-strategy[Update Strategy]. + +IMPORTANT: **Only the InPlace update strategy is supported for ambient mode.** This is due to ZTunnel's cluster-wide singleton architecture - only one ztunnel instance can run in the cluster at a time, making canary-style upgrades impractical with RevisionBased updates. + +The update strategy guide covers: + +- InPlace strategy for ambient mode - see link:../update-strategy/update-strategy.adoc#inplace-ambient-mode-considerations[InPlace Strategy for Ambient Mode] +- Updating IstioCNI, ZTunnel, and Waypoint proxies - see link:../update-strategy/update-strategy.adoc#updating-ambient-components[Updating Ambient Mode Components] + +For waypoint-specific update procedures, see link:./istio-ambient-waypoint.adoc#update[Waypoint Proxy Update Procedures]. + [[cleanup]] === Cleanup diff --git a/docs/common/istio-ambient-waypoint.adoc b/docs/common/istio-ambient-waypoint.adoc index d68348752..6a718342e 100644 --- a/docs/common/istio-ambient-waypoint.adoc +++ b/docs/common/istio-ambient-waypoint.adoc @@ -16,6 +16,10 @@ link:../README.adoc[Return to Project Root] *** <> *** <> **** <> + ** <> + *** <> + *** <> + *** <> ** <> *** <> *** <> @@ -134,6 +138,114 @@ kubectl label ns bookinfo istio.io/use-waypoint-namespace=foo kubectl label ns bookinfo istio.io/use-waypoint=waypoint-foo ---- + +[[update]] +== Update + +This section provides detailed procedures for updating waypoint proxies in ambient mode using the InPlace update strategy. + +[[updating-waypoint-proxies]] +=== Updating Waypoint Proxies + +Waypoint proxies automatically update when the control plane is updated. The istiod control plane reconciles the waypoint deployment and updates it to the new version. + +==== InPlace Strategy + +When using InPlace updates, waypoint proxies automatically transition to the new control plane version. + +1. Verify waypoint proxy pods are running: + +[source,bash,subs="attributes+"] +---- +$ kubectl get pods -n bookinfo -l gateway.networking.k8s.io/gateway-name=waypoint +NAME READY STATUS RESTARTS AGE +waypoint-5d9c8b7f9-abc12 1/1 Running 0 5m +---- + +2. Confirm the waypoint proxy is connected to the new control plane: + +[source,bash,subs="attributes+"] +---- +$ istioctl proxy-status | grep waypoint +waypoint-5d9c8b7f9-abc12.bookinfo SYNCED SYNCED SYNCED SYNCED istiod-6cf8d4f9cb-wm7x6.istio-system {istio_latest_version} +---- + +The `SYNCED` status indicates the waypoint is receiving configuration from the control plane. The version column shows the updated Istio version. + + +[[l7-feature-verification-during-updates]] +=== L7 Feature Verification During Updates + +After updating waypoint proxies, verify Layer 7 features work correctly. + +==== Traffic Routing + +Test that HTTPRoute rules are enforced. See <> for setup details with a 90/10 traffic split. + +1. Test traffic distribution by sending requests and checking which service version handles them: + +[source,bash,subs="attributes+"] +---- +$ for i in {1..10}; do kubectl exec "$(kubectl get pod -l app=productpage -n bookinfo -o jsonpath='{.items[0].metadata.name}')" -c istio-proxy -n bookinfo -- curl -s http://reviews:9080/reviews/0 | grep -o "reviews-v[0-9]"; done +reviews-v1 +reviews-v1 +reviews-v1 +reviews-v1 +reviews-v2 +reviews-v1 +reviews-v1 +reviews-v1 +reviews-v1 +reviews-v1 +---- + +The output should match your HTTPRoute configuration. With a 90/10 split, expect about 9 requests to reviews-v1 and 1 to reviews-v2. + +==== Authorization Policies + +Test that L7 authorization policies are enforced. The `productpage-waypoint` AuthorizationPolicy (see <>) allows only the curl service to send GET requests to productpage. + +1. Test denied access - Services not in the allow list should be denied: + +[source,bash,subs="attributes+"] +---- +$ kubectl exec "$(kubectl get pod -l app=ratings -n bookinfo -o jsonpath='{.items[0].metadata.name}')" -c ratings -n bookinfo -- curl -sS productpage:9080/productpage +RBAC: access denied +---- + +The ratings service is denied because it's not in the allow list. + +2. Test allowed access - The curl service should access productpage successfully: + +[source,bash,subs="attributes+"] +---- +$ kubectl exec "$(kubectl get pod -l app=curl -n default -o jsonpath='{.items[0].metadata.name}')" -c curl -n default -- curl -sS http://productpage.bookinfo:9080/productpage | grep -o ".*" +Simple Bookstore App +---- + +The request succeeds because the curl service matches the policy rules. + +[[cross-namespace-waypoint-updates]] +=== Cross-namespace Waypoint Updates + +For cross-namespace waypoints, verify the namespace labels are correct. + +1. Check namespace labels: + +[source,bash,subs="attributes+"] +---- +$ kubectl get ns bookinfo --show-labels | grep waypoint +bookinfo Active istio.io/use-waypoint-namespace=foo,istio.io/use-waypoint=waypoint-foo +---- + +2. Re-apply labels if needed: + +[source,bash,subs="attributes+"] +---- +$ kubectl label ns bookinfo istio.io/use-waypoint-namespace=foo --overwrite +$ kubectl label ns bookinfo istio.io/use-waypoint=waypoint-foo --overwrite +---- + [[layer-7-features-in-ambient-mode]] == Layer 7 Features in Ambient Mode @@ -258,4 +370,4 @@ kubectl delete -n bookinfo -f https://raw.githubusercontent.com/istio/istio/{ist [source,bash,subs="attributes+"] ---- kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/standard-install.yaml ----- \ No newline at end of file +---- diff --git a/docs/migrate-from-sidecar-to-ambient/migration.adoc b/docs/migrate-from-sidecar-to-ambient/migration.adoc index f6cede2a8..f3deddaab 100644 --- a/docs/migrate-from-sidecar-to-ambient/migration.adoc +++ b/docs/migrate-from-sidecar-to-ambient/migration.adoc @@ -1,3 +1,11 @@ +// Variables embedded for GitHub compatibility +:istio_latest_version: 1.28.0 +:istio_latest_version_revision_format: 1-28-0 +:istio_latest_tag: v1.28-latest +:istio_release_name: release-1.28 +:istio_latest_minus_one_version: 1.27.3 +:istio_latest_minus_one_version_revision_format: 1-27-3 + = Migrating from Sidecar to Ambient Mode This guide provides a comprehensive, step-by-step process for migrating an existing Sail Operator deployment from sidecar mode to ambient mode. The migration approach is designed to achieve a near zero-downtime transition while maintaining all security policies and service mesh functionality. @@ -205,7 +213,7 @@ kubectl get pods -n sail-operator # Check Istio control plane version kubectl get istio -n istio-system NAME NAMESPACE PROFILE REVISIONS READY IN USE ACTIVE REVISION STATUS VERSION AGE -default istio-system 1 1 1 default Healthy v1.27.0 20m +default istio-system 1 1 1 default Healthy v{istio_latest_version} 20m ---- [NOTE] @@ -358,7 +366,7 @@ metadata: name: default namespace: istio-system spec: - version: v1.27.0 + version: v{istio_latest_version} namespace: istio-system updateStrategy: type: InPlace # Set your preferred update strategy @@ -445,7 +453,7 @@ kubectl get daemonset -n ztunnel # Confirm cluster setup validation passes kubectl get ztunnel -n ztunnel NAME NAMESPACE PROFILE READY STATUS VERSION AGE -default ztunnel True Healthy v1.27.0 12m +default ztunnel True Healthy v{istio_latest_version} 12m ---- **If rollback needed**: See <> for Step 2 cluster setup rollback instructions (Low Risk). diff --git a/docs/update-strategy/update-strategy.adoc b/docs/update-strategy/update-strategy.adoc index 132aead70..ad5a879de 100644 --- a/docs/update-strategy/update-strategy.adoc +++ b/docs/update-strategy/update-strategy.adoc @@ -14,18 +14,34 @@ link:../../README.adoc[Return to Project Root] - <> - <> - <> + - <> - <> - <> - <> +- <> + - <> + - <> + - <> + - <> + - <> [[update-strategy]] == Update Strategy -The Sail Operator supports two update strategies to update the version of the Istio control plane: `InPlace` and `RevisionBased`. The default strategy is `InPlace`. +The Sail Operator supports two update strategies: `InPlace` and `RevisionBased`. The default is `InPlace`. + +**For ambient mode updates:** + +IMPORTANT: **Only the InPlace strategy is supported for ambient mode.** This is due to ZTunnel's cluster-wide singleton architecture - only one ztunnel instance can run in the cluster at a time, making canary-style upgrades impractical with RevisionBased updates. + +* Components update order: Control Plane → IstioCNI → ZTunnel +* No pod restart needed (in ambient mode, the ztunnel maintains xDS connections to istiod, not application workloads directly) + +NOTE: Ambient mode requires Istio 1.24.0 or later. For installation, see link:../common/istio-ambient-mode.adoc[Istio Ambient Mode]. [[inplace]] == InPlace -When the `InPlace` strategy is used, the existing Istio control plane is replaced with a new version. The workload sidecars immediately connect to the new control plane. The workloads therefore don't need to be moved from one control plane instance to another. +With InPlace, the existing control plane is replaced with a new version. Workload sidecars immediately connect to the new control plane. Workloads don't need to be moved from one control plane instance to another. [[example-using-the-inplace-strategy]] === Example using the InPlace strategy @@ -148,7 +164,7 @@ endif::[] + [source,bash,subs="attributes+",name="inplace-update-strategy"] ---- -istioctl proxy-status +istioctl proxy-status ---- The column `VERSION` should match the new control plane version. @@ -158,11 +174,26 @@ endif::[] [[recommendations-for-inplace-strategy]] === Recommendations for InPlace Strategy -During `InPlace` updates, the control plane pods are restarted, which may cause temporary service disruptions. To minimize downtime during updates, we recommend configuring the `istiod` deployment with high availability (HA). For more information, please refer to this link:../../docs/general/istiod-ha.adoc[guide]. +InPlace updates restart control plane pods, which may cause brief service disruptions. Configure istiod with high availability (HA) to minimize downtime. See the link:../../docs/general/istiod-ha.adoc[HA guide]. + +[[inplace-ambient-mode-considerations]] +=== InPlace Strategy for Ambient Mode + +With InPlace updates in ambient mode, all components update directly. In ambient mode, the ztunnel maintains xDS connections to istiod, not application workloads directly. IstioCNI and ZTunnel use rolling updates. Brief traffic interruption may occur during control plane updates. Running multiple istiod replicas helps minimize this risk but doesn't eliminate it. For details, see the https://istio.io/latest/docs/ambient/upgrade/helm/#understanding-ambient-mode-upgrades[Istio ambient mode upgrade documentation]. + +**Update sequence for ambient mode:** + +1. Istio control plane (patch version in Istio resource) +2. IstioCNI (patch to same version) +3. ZTunnel (patch to same version) + +See <> for detailed IstioCNI and ZTunnel update procedures. + +*Tip:* Running istiod in HA mode reduces traffic disruptions during updates. See the link:../../docs/general/istiod-ha.adoc[HA guide]. [[revisionbased]] == RevisionBased -When the `RevisionBased` strategy is used, a new Istio control plane instance is created for every change to the `Istio.spec.version` field. The old control plane remains in place until all workloads have been moved to the new control plane instance. This needs to be done by the user by updating the namespace label and restarting all the pods. The old control plane will be deleted after the grace period specified in the `Istio` resource field `spec.updateStrategy.inactiveRevisionDeletionGracePeriodSeconds`. +With RevisionBased, a new control plane instance is created for each version change. The old control plane stays until workloads migrate to the new version. The migration is triggered by updating namespace labels and restarting pods. The old control plane is deleted after the grace period in `spec.updateStrategy.inactiveRevisionDeletionGracePeriodSeconds`. [[example-using-the-revisionbased-strategy]] === Example using the RevisionBased strategy @@ -267,7 +298,7 @@ endif::[] + [source,bash,subs="attributes+"] ---- -istioctl proxy-status +istioctl proxy-status ---- The column `VERSION` should match the control plane version. @@ -322,7 +353,7 @@ endif::[] + [source,bash,subs="attributes+",name="revision-based-strategy"] ---- -istioctl proxy-status +istioctl proxy-status ---- The column `VERSION` should still match the old control plane version. @@ -362,7 +393,7 @@ endif::[] + [source,bash,subs="attributes+",name="revision-based-strategy"] ---- -istioctl proxy-status +istioctl proxy-status ---- The column `VERSION` should match the updated control plane version. @@ -507,7 +538,7 @@ endif::[] + [source,bash,subs="attributes+"] ---- -istioctl proxy-status +istioctl proxy-status ---- The column `VERSION` should match the control plane version. @@ -554,7 +585,7 @@ endif::[] + [source,bash,subs="attributes+",name="revision-istiorevisiontag-strategy"] ---- -istioctl proxy-status +istioctl proxy-status ---- The column `VERSION` should still match the old control plane version. @@ -574,7 +605,7 @@ kubectl rollout restart deployment -n bookinfo + [source,bash,subs="attributes+"] ---- -istioctl proxy-status +istioctl proxy-status ---- The column `VERSION` should match the updated control plane version. @@ -613,4 +644,103 @@ with_retries istiod_pods_count "1" echo "Confirm istiorevision is deleted" with_retries istio_revisions_ready_count "1" print_istio_info -endif::[] \ No newline at end of file +endif::[] + +[[updating-ambient-components]] +== Updating Ambient Mode Components + +This section covers updating IstioCNI, ZTunnel, and Waypoint proxies after control plane updates using the InPlace update strategy. + +[[updating-istiocni-ambient]] +=== Updating IstioCNI + +After updating the Istio control plane, update the IstioCNI component. The CNI at version 1.x is compatible with the control plane at version 1.x+1 and 1.x, so the control plane must be upgraded before IstioCNI. + +[source,bash,subs="attributes+"] +---- +kubectl patch istiocni default --type='merge' -p '{"spec":{"version":"v{istio_latest_version}"}}' +kubectl wait --for=condition=Ready istiocnis/default --timeout=5m +---- + +[[updating-ztunnel-ambient]] +=== Updating ZTunnel + +After updating IstioCNI, update the ZTunnel component. The ZTunnel DaemonSet uses a rolling update strategy, updating one node at a time to maintain mesh connectivity. + +[source,bash,subs="attributes+"] +---- +kubectl patch ztunnel default --type='merge' -p '{"spec":{"version":"v{istio_latest_version}"}}' +kubectl rollout status daemonset/ztunnel -n ztunnel +kubectl wait --for=condition=Ready ztunnel/default --timeout=10m +---- + +*Note:* The ZTunnel DaemonSet update may take several minutes as pods are updated node-by-node to minimize disruption. + +Verify the ZTunnel resource shows the new version: + +[source,bash,subs="attributes+"] +---- +kubectl get ztunnel +kubectl get pods -n ztunnel -o wide +---- + +[[verifying-ambient-workloads]] +=== Verifying Ambient Workloads + +After updating all ambient components, verify that your workloads are functioning correctly: + +[source,bash,subs="attributes+"] +---- +# Check workload status +kubectl get pods -n + +# Verify ZTunnel is processing traffic +istioctl ztunnel-config workloads --namespace ztunnel | grep + +# Test connectivity within your mesh +kubectl exec -n -- curl -sS : +---- + +[[updating-waypoint-proxies]] +=== Updating Waypoint Proxies (If Deployed) + +If you have deployed waypoint proxies for Layer 7 features, they automatically update to use the new control plane. Verify after upgrade: + +[source,bash,subs="attributes+"] +---- +# List waypoint proxies +kubectl get gateway -n + +# Verify waypoint pods are running +kubectl get pods -n -l gateway.networking.k8s.io/gateway-name= +---- + +For detailed waypoint configuration, see link:../common/istio-ambient-waypoint.adoc[Istio Waypoint Proxy Guide]. + +[[ambient-special-considerations]] +=== Special Considerations for Ambient Mode + +**ZTunnel DaemonSet Updates:** + +When upgrading the ambient cluster, new mTLS connections continue to function normally. However, upgrading ztunnel will cause existing long-lived TCP connections on the upgraded node to reset after a grace period. For production upgrades, use node cordoning or blue/green node pools. + +* Rolling updates update one node at a time by default +* New connections may experience brief latency while a node's ZTunnel restarts + +**Version Skew:** + +* ZTunnel at version 1.x is compatible with control plane at version 1.x+1 and 1.x +* Keep all components (Istio, IstioCNI, ZTunnel) at the same version when possible +* Always test version combinations in non-production first +* IstioCNI at version 1.x is compatible with control plane at version 1.x+1 and 1.x + +**Waypoint Proxy Compatibility:** + +* Waypoint proxies automatically reference the active control plane revision +* With InPlace: waypoints transition directly to the new version +* With RevisionBased: waypoints can function with both revisions during migration + +**Troubleshooting:** + +* ZTunnel: https://istio.io/latest/docs/ambient/usage/troubleshoot-ztunnel/ +* Waypoint: https://istio.io/latest/docs/ambient/usage/troubleshoot-waypoint/ \ No newline at end of file From 2c9fc6627f01183daf6abb9574850edef285da01 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Thu, 29 Jan 2026 03:28:43 -0500 Subject: [PATCH 16/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1551) Signed-off-by: openshift-service-mesh-bot --- .devcontainer/devcontainer.json | 2 +- .github/workflows/update-deps.yaml | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- common/.commonfiles.sha | 2 +- common/scripts/setup_env.sh | 2 +- docs/api-reference/sailoperator.io.md | 10 +++---- .../migration.adoc | 8 +++--- go.mod | 6 ++-- go.sum | 12 ++++---- pkg/istioversion/versions.yaml | 18 ++++++------ ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 - ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 - resources/v1.30-alpha.299edbbb/commit | 1 - ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 - ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 - ...b2a6147edf0e6172b55988bdd60052f67.tgz.etag | 1 - ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 1 + .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 4 ++- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 + resources/v1.30-alpha.ec64c671/commit | 1 + ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 + ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 + 226 files changed, 109 insertions(+), 106 deletions(-) delete mode 100644 resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag delete mode 100644 resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag delete mode 100644 resources/v1.30-alpha.299edbbb/commit delete mode 100644 resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag delete mode 100644 resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag delete mode 100644 resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag create mode 100644 resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/README.md (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/configmap-cni.yaml (96%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/cni/values.yaml (97%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag create mode 100644 resources/v1.30-alpha.ec64c671/commit create mode 100644 resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag create mode 100644 resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.299edbbb => v1.30-alpha.ec64c671}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 26235b486..dd653dd89 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-116bd1273dfc5d27136461597f5ff54f535f416b", + "image": "gcr.io/istio-testing/build-tools:master-eebcdda8856e2d4f528991d27d4808880cce4c52", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index 14b95abae..418beec6e 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -16,7 +16,7 @@ jobs: update-deps: runs-on: ubuntu-latest container: - image: gcr.io/istio-testing/build-tools:master-116bd1273dfc5d27136461597f5ff54f535f416b + image: gcr.io/istio-testing/build-tools:master-eebcdda8856e2d4f528991d27d4808880cce4c52 options: --entrypoint '' steps: diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 05e0cdf1c..761576632 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.299edbbb + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.ec64c671 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 4b6a2d476..e059a4f14 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.299edbbb + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.ec64c671 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 83d14fcc7..46802b535 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.299edbbb + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.ec64c671 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index cf415fab0..013bce830 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.299edbbb + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.ec64c671 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 23f4e4412..4d24880c6 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.299edbbb + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.ec64c671 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index cba28f47a..fbd42373a 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-28T05:10:30Z" + createdAt: "2026-01-29T05:47:20Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.299edbbb + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_299edbbb.cni: gcr.io/istio-testing/install-cni:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 - images.v1_30-alpha_299edbbb.istiod: gcr.io/istio-testing/pilot:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 - images.v1_30-alpha_299edbbb.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 - images.v1_30-alpha_299edbbb.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_ec64c671.cni: gcr.io/istio-testing/install-cni:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_ec64c671.istiod: gcr.io/istio-testing/pilot:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_ec64c671.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_ec64c671.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 11268f1ae..b84467b03 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 789ee7802..7647f4b2a 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index ff8895d34..eea972b81 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 2bcd386bf..1b21a4607 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index b1fcdbd80..1ac62004a 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index c41d343ef..ce8ac8eb4 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 2b2dad7d8..a9157859d 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index f942b544d..c72ac08c0 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index d842fe2f6..f90bd765a 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_299edbbb.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 - images.v1_30-alpha_299edbbb.istiod: gcr.io/istio-testing/pilot:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 - images.v1_30-alpha_299edbbb.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 - images.v1_30-alpha_299edbbb.cni: gcr.io/istio-testing/install-cni:1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + images.v1_30-alpha_ec64c671.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_ec64c671.istiod: gcr.io/istio-testing/pilot:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_ec64c671.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_ec64c671.cni: gcr.io/istio-testing/install-cni:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.299edbbb + - v1.30-alpha.ec64c671 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index eb2da15e6..2116519f3 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -c8c7da1e37326f09038fbd4d895c69259d73db8c +4b0a2a0dfb7b3473a6a7457bb05029afcb8d4e50 diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 619fd5671..fd289b1da 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -77,7 +77,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-116bd1273dfc5d27136461597f5ff54f535f416b + IMAGE_VERSION=master-eebcdda8856e2d4f528991d27d4808880cce4c52 fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 7d1e84417..719121fd3 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.299edbbb] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.ec64c671] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.299edbbb. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.299edbbb] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.ec64c671] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.299edbbb] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.ec64c671] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.299edbbb] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.ec64c671] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.299edbbb. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.299edbbb] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.ec64c671] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/docs/migrate-from-sidecar-to-ambient/migration.adoc b/docs/migrate-from-sidecar-to-ambient/migration.adoc index f3deddaab..b4ee6e885 100644 --- a/docs/migrate-from-sidecar-to-ambient/migration.adoc +++ b/docs/migrate-from-sidecar-to-ambient/migration.adoc @@ -1,10 +1,10 @@ // Variables embedded for GitHub compatibility -:istio_latest_version: 1.28.0 -:istio_latest_version_revision_format: 1-28-0 +:istio_latest_version: 1.28.3 +:istio_latest_version_revision_format: 1-28-3 :istio_latest_tag: v1.28-latest :istio_release_name: release-1.28 -:istio_latest_minus_one_version: 1.27.3 -:istio_latest_minus_one_version_revision_format: 1-27-3 +:istio_latest_minus_one_version: 1.28.2 +:istio_latest_minus_one_version_revision_format: 1-28-2 = Migrating from Sidecar to Ambient Mode diff --git a/go.mod b/go.mod index f49cdeaaf..37d39b05e 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2 - istio.io/istio v0.0.0-20260128013542-299edbbb2a61 + istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 + istio.io/istio v0.0.0-20260129045944-ec64c6713f21 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3 // indirect + istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index b9fb7a71e..7e4d03229 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3 h1:S1MUMQKSCtP4p+Qn159qKrIghMs10maNvo4sF6YHuW0= -istio.io/api v1.29.0-alpha.0.0.20260126233127-4914fc685fb3/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2 h1:LRVdFc7s8pXaLpVsPRzOOWareyixXwbAW/reLB3KR7M= -istio.io/client-go v1.29.0-alpha.0.0.20260126233326-65dae2164fa2/go.mod h1:hYl9NytvyOGLcFT5ZPJwk+NiepyelwRwCZUYK7aavug= -istio.io/istio v0.0.0-20260128013542-299edbbb2a61 h1:KMopJA1pahmIbPUWcOLIZ+n4CkqG0SHNso3yWU24+qc= -istio.io/istio v0.0.0-20260128013542-299edbbb2a61/go.mod h1:VAnke99pvFQCN7/9Be8v4oI2jX/jWuP6bb6AZtVnb48= +istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 h1:4CfBKcddlIEBA6rOMnIFzd+UN+7MaR3m/3/D/xajJw0= +istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 h1:FFx8zZzGLXiKSh+8fZ55DyZ9Dxrgm5yIZQC288zTXJI= +istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6/go.mod h1:xyne+dIQweP+ILjaTFIOQ4Dz01X46xUbVgA0oYTAs5Y= +istio.io/istio v0.0.0-20260129045944-ec64c6713f21 h1:PFjUnkoD0POzu99ITeDByFYisQzrvyR62MWOEpteXys= +istio.io/istio v0.0.0-20260129045944-ec64c6713f21/go.mod h1:PRKQ+jbHvK9zbO5lgOTXxrScyyLlfp9daydPe8mcGiI= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 986fde2f6..54c9ee1c1 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.299edbbb - - name: v1.30-alpha.299edbbb - version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + ref: v1.30-alpha.ec64c671 + - name: v1.30-alpha.ec64c671 + version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 repo: https://github.com/istio/istio branch: master - commit: 299edbbb2a6147edf0e6172b55988bdd60052f67 + commit: ec64c6713f2147b3530261d4bb5a57278bfe3c40 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67/helm/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz diff --git a/resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag deleted file mode 100644 index 0802d8ff6..000000000 --- a/resources/v1.30-alpha.299edbbb/base-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -69b652227b2af5b0058a17340a7ab357 diff --git a/resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag deleted file mode 100644 index 8596d1abf..000000000 --- a/resources/v1.30-alpha.299edbbb/cni-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -cb76b5ed1c402be1c6d4a0cf65a2f05c diff --git a/resources/v1.30-alpha.299edbbb/commit b/resources/v1.30-alpha.299edbbb/commit deleted file mode 100644 index b1dadf910..000000000 --- a/resources/v1.30-alpha.299edbbb/commit +++ /dev/null @@ -1 +0,0 @@ -299edbbb2a6147edf0e6172b55988bdd60052f67 diff --git a/resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag deleted file mode 100644 index fd4bb1bc3..000000000 --- a/resources/v1.30-alpha.299edbbb/gateway-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -a1320e9cbcb6f6cb74de3e3d17a45180 diff --git a/resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag deleted file mode 100644 index 1f82225e2..000000000 --- a/resources/v1.30-alpha.299edbbb/istiod-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -94869e6c06aeecd09e619c16364afd19 diff --git a/resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag b/resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag deleted file mode 100644 index d90369a99..000000000 --- a/resources/v1.30-alpha.299edbbb/ztunnel-1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -7de7bf5ce2bf51d3acef212b10499b37 diff --git a/resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag new file mode 100644 index 000000000..4cb35cc01 --- /dev/null +++ b/resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag @@ -0,0 +1 @@ +13bbae924831cfdfed5fea797ee0037f diff --git a/resources/v1.30-alpha.299edbbb/charts/base/Chart.yaml b/resources/v1.30-alpha.ec64c671/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.299edbbb/charts/base/Chart.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/Chart.yaml index f13841910..7e6b3c68c 100644 --- a/resources/v1.30-alpha.299edbbb/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 diff --git a/resources/v1.30-alpha.299edbbb/charts/base/README.md b/resources/v1.30-alpha.ec64c671/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/README.md rename to resources/v1.30-alpha.ec64c671/charts/base/README.md diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.ec64c671/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.ec64c671/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.ec64c671/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.ec64c671/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.ec64c671/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/base/values.yaml b/resources/v1.30-alpha.ec64c671/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/base/values.yaml rename to resources/v1.30-alpha.ec64c671/charts/base/values.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/Chart.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.299edbbb/charts/cni/Chart.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/Chart.yaml index e67a323db..dc1e7956d 100644 --- a/resources/v1.30-alpha.299edbbb/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/README.md b/resources/v1.30-alpha.ec64c671/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/README.md rename to resources/v1.30-alpha.ec64c671/charts/cni/README.md diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.ec64c671/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.ec64c671/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/configmap-cni.yaml similarity index 96% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/configmap-cni.yaml index 98bc60ac0..9b5dd4792 100644 --- a/resources/v1.30-alpha.299edbbb/charts/cni/templates/configmap-cni.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/cni/templates/configmap-cni.yaml @@ -18,6 +18,7 @@ data: AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} + ENABLE_AMBIENT_DETECTION_RETRY: {{ .Values.ambient.enableAmbientDetectionRetry | quote }} {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. {{- end }} diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/cni/values.yaml b/resources/v1.30-alpha.ec64c671/charts/cni/values.yaml similarity index 97% rename from resources/v1.30-alpha.299edbbb/charts/cni/values.yaml rename to resources/v1.30-alpha.ec64c671/charts/cni/values.yaml index 2641989e9..69913a5d2 100644 --- a/resources/v1.30-alpha.299edbbb/charts/cni/values.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/cni/values.yaml @@ -75,6 +75,8 @@ _internal_defaults_do_not_set: reconcileIptablesOnStartup: true # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on shareHostNetworkNamespace: false + # If enabled, the CNI agent will retry checking if a pod is ambient enabled when there are errors + enableAmbientDetectionRetry: false repair: @@ -153,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/Chart.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.299edbbb/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/Chart.yaml index 2cce9a9a8..260e4a4c3 100644 --- a/resources/v1.30-alpha.299edbbb/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/README.md b/resources/v1.30-alpha.ec64c671/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/README.md rename to resources/v1.30-alpha.ec64c671/charts/gateway/README.md diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/values.schema.json b/resources/v1.30-alpha.ec64c671/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/values.schema.json rename to resources/v1.30-alpha.ec64c671/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.299edbbb/charts/gateway/values.yaml b/resources/v1.30-alpha.ec64c671/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/gateway/values.yaml rename to resources/v1.30-alpha.ec64c671/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/Chart.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.299edbbb/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/Chart.yaml index 00faa8aad..8ffcc7cec 100644 --- a/resources/v1.30-alpha.299edbbb/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/README.md b/resources/v1.30-alpha.ec64c671/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/README.md rename to resources/v1.30-alpha.ec64c671/charts/istiod/README.md diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/istiod/values.yaml b/resources/v1.30-alpha.ec64c671/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.299edbbb/charts/istiod/values.yaml rename to resources/v1.30-alpha.ec64c671/charts/istiod/values.yaml index 84a34eb40..733cb4c94 100644 --- a/resources/v1.30-alpha.299edbbb/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/Chart.yaml index f002d09ca..1736ea48a 100644 --- a/resources/v1.30-alpha.299edbbb/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/revisiontags/values.yaml b/resources/v1.30-alpha.ec64c671/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.299edbbb/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.ec64c671/charts/revisiontags/values.yaml index 84a34eb40..733cb4c94 100644 --- a/resources/v1.30-alpha.299edbbb/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/Chart.yaml index 171dbf025..619ffdac3 100644 --- a/resources/v1.30-alpha.299edbbb/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 +version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/README.md b/resources/v1.30-alpha.ec64c671/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/README.md rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.299edbbb/charts/ztunnel/values.yaml b/resources/v1.30-alpha.ec64c671/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.299edbbb/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.ec64c671/charts/ztunnel/values.yaml index 29c8129bd..ae08d5dae 100644 --- a/resources/v1.30-alpha.299edbbb/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.ec64c671/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.299edbbb2a6147edf0e6172b55988bdd60052f67 + tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag new file mode 100644 index 000000000..e982aef95 --- /dev/null +++ b/resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag @@ -0,0 +1 @@ +ad9d83fb80ba1f037cc5a1d1cc11163e diff --git a/resources/v1.30-alpha.ec64c671/commit b/resources/v1.30-alpha.ec64c671/commit new file mode 100644 index 000000000..05165f3c0 --- /dev/null +++ b/resources/v1.30-alpha.ec64c671/commit @@ -0,0 +1 @@ +ec64c6713f2147b3530261d4bb5a57278bfe3c40 diff --git a/resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag new file mode 100644 index 000000000..cafe901a8 --- /dev/null +++ b/resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag @@ -0,0 +1 @@ +9468db88e57f702e13c02b008e55daff diff --git a/resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag new file mode 100644 index 000000000..3aecaba35 --- /dev/null +++ b/resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag @@ -0,0 +1 @@ +848d87264c171a269187c75054255e9b diff --git a/resources/v1.30-alpha.299edbbb/profiles/ambient.yaml b/resources/v1.30-alpha.ec64c671/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/ambient.yaml rename to resources/v1.30-alpha.ec64c671/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/default.yaml b/resources/v1.30-alpha.ec64c671/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/default.yaml rename to resources/v1.30-alpha.ec64c671/profiles/default.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/demo.yaml b/resources/v1.30-alpha.ec64c671/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/demo.yaml rename to resources/v1.30-alpha.ec64c671/profiles/demo.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/empty.yaml b/resources/v1.30-alpha.ec64c671/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/empty.yaml rename to resources/v1.30-alpha.ec64c671/profiles/empty.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.ec64c671/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.ec64c671/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/openshift.yaml b/resources/v1.30-alpha.ec64c671/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/openshift.yaml rename to resources/v1.30-alpha.ec64c671/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/preview.yaml b/resources/v1.30-alpha.ec64c671/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/preview.yaml rename to resources/v1.30-alpha.ec64c671/profiles/preview.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/remote.yaml b/resources/v1.30-alpha.ec64c671/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/remote.yaml rename to resources/v1.30-alpha.ec64c671/profiles/remote.yaml diff --git a/resources/v1.30-alpha.299edbbb/profiles/stable.yaml b/resources/v1.30-alpha.ec64c671/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.299edbbb/profiles/stable.yaml rename to resources/v1.30-alpha.ec64c671/profiles/stable.yaml diff --git a/resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag new file mode 100644 index 000000000..cd46dcaae --- /dev/null +++ b/resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag @@ -0,0 +1 @@ +3c4ff03da731af06fbffbefe445daef1 From 68740e1a11cd73ce2f33e9820fa5797532ab940b Mon Sep 17 00:00:00 2001 From: Maxim Babushkin Date: Thu, 29 Jan 2026 19:00:44 +0200 Subject: [PATCH 17/40] Fix profile column status (#1553) Fix appearance of the profile value in profile column of Istio and IstioCNI objects, which currently missing. When any kind of profile specified within the manifest, its value should appear under profile column. Signed-off-by: Maxim Babushkin --- api/v1/istio_types.go | 2 +- api/v1/istiocni_types.go | 2 +- bundle/manifests/sailoperator.io_istiocnis.yaml | 2 +- bundle/manifests/sailoperator.io_istios.yaml | 2 +- chart/crds/sailoperator.io_istiocnis.yaml | 2 +- chart/crds/sailoperator.io_istios.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 761576632..d3ab2cbdb 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -261,7 +261,7 @@ const ( // +kubebuilder:resource:scope=Cluster,categories=istio-io // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Namespace",type="string",JSONPath=".spec.namespace",description="The namespace for the control plane components." -// +kubebuilder:printcolumn:name="Profile",type="string",JSONPath=".spec.values.profile",description="The selected profile (collection of value presets)." +// +kubebuilder:printcolumn:name="Profile",type="string",JSONPath=".spec.profile",description="The selected profile (collection of value presets)." // +kubebuilder:printcolumn:name="Revisions",type="string",JSONPath=".status.revisions.total",description="Total number of IstioRevision objects currently associated with this object." // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.revisions.ready",description="Number of revisions that are ready." // +kubebuilder:printcolumn:name="In use",type="string",JSONPath=".status.revisions.inUse",description="Number of revisions that are currently being used by workloads." diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index e059a4f14..5aac59fcb 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -168,7 +168,7 @@ const ( // +kubebuilder:resource:scope=Cluster,categories=istio-io // +kubebuilder:subresource:status // +kubebuilder:printcolumn:name="Namespace",type="string",JSONPath=".spec.namespace",description="The namespace of the istio-cni-node DaemonSet." -// +kubebuilder:printcolumn:name="Profile",type="string",JSONPath=".spec.values.profile",description="The selected profile (collection of value presets)." +// +kubebuilder:printcolumn:name="Profile",type="string",JSONPath=".spec.profile",description="The selected profile (collection of value presets)." // +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Ready\")].status",description="Whether the Istio CNI installation is ready to handle requests." // +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.state",description="The current state of this object." // +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".spec.version",description="The version of the Istio CNI installation." diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index b84467b03..5895ea2e5 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -22,7 +22,7 @@ spec: name: Namespace type: string - description: The selected profile (collection of value presets). - jsonPath: .spec.values.profile + jsonPath: .spec.profile name: Profile type: string - description: Whether the Istio CNI installation is ready to handle requests. diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index eea972b81..61bbcf4e4 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -22,7 +22,7 @@ spec: name: Namespace type: string - description: The selected profile (collection of value presets). - jsonPath: .spec.values.profile + jsonPath: .spec.profile name: Profile type: string - description: Total number of IstioRevision objects currently associated with diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 1ac62004a..371da2eab 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -22,7 +22,7 @@ spec: name: Namespace type: string - description: The selected profile (collection of value presets). - jsonPath: .spec.values.profile + jsonPath: .spec.profile name: Profile type: string - description: Whether the Istio CNI installation is ready to handle requests. diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index a9157859d..928448787 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -22,7 +22,7 @@ spec: name: Namespace type: string - description: The selected profile (collection of value presets). - jsonPath: .spec.values.profile + jsonPath: .spec.profile name: Profile type: string - description: Total number of IstioRevision objects currently associated with From fc53144079ad1e650296f4c4dc3a74085cd4d431 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Fri, 30 Jan 2026 00:41:44 -0500 Subject: [PATCH 18/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1557) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 + resources/v1.30-alpha.3c78a9f2/commit | 1 + ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 + ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 + ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 - ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 - resources/v1.30-alpha.ec64c671/commit | 1 - ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 - ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 - ...13f2147b3530261d4bb5a57278bfe3c40.tgz.etag | 1 - 221 files changed, 92 insertions(+), 92 deletions(-) create mode 100644 resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/README.md (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag create mode 100644 resources/v1.30-alpha.3c78a9f2/commit create mode 100644 resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag create mode 100644 resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.ec64c671 => v1.30-alpha.3c78a9f2}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag delete mode 100644 resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag delete mode 100644 resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag delete mode 100644 resources/v1.30-alpha.ec64c671/commit delete mode 100644 resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag delete mode 100644 resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag delete mode 100644 resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index d3ab2cbdb..9b73f7b23 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.ec64c671 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3c78a9f2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 5aac59fcb..2f5ec928b 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.ec64c671 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3c78a9f2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 46802b535..b5cbd291b 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.ec64c671 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.3c78a9f2 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 013bce830..2681bb722 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.ec64c671 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3c78a9f2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 4d24880c6..b350ee3f5 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.ec64c671 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3c78a9f2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index fbd42373a..928767782 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-29T05:47:20Z" + createdAt: "2026-01-30T05:21:57Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.ec64c671 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_ec64c671.cni: gcr.io/istio-testing/install-cni:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 - images.v1_30-alpha_ec64c671.istiod: gcr.io/istio-testing/pilot:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 - images.v1_30-alpha_ec64c671.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 - images.v1_30-alpha_ec64c671.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_3c78a9f2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_3c78a9f2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_3c78a9f2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_3c78a9f2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 5895ea2e5..c622e82a0 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 7647f4b2a..26281febf 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 61bbcf4e4..883499717 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 1b21a4607..e461c7673 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 371da2eab..cce6be775 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index ce8ac8eb4..b1db5764d 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 928448787..e1512e6df 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index c72ac08c0..3db9e4fcd 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index f90bd765a..73ab0ce91 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_ec64c671.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 - images.v1_30-alpha_ec64c671.istiod: gcr.io/istio-testing/pilot:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 - images.v1_30-alpha_ec64c671.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 - images.v1_30-alpha_ec64c671.cni: gcr.io/istio-testing/install-cni:1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + images.v1_30-alpha_3c78a9f2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_3c78a9f2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_3c78a9f2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_3c78a9f2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.ec64c671 + - v1.30-alpha.3c78a9f2 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 719121fd3..c5ed75119 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.ec64c671] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3c78a9f2] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.ec64c671. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.ec64c671] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.3c78a9f2] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.ec64c671] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3c78a9f2] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.ec64c671] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3c78a9f2] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.ec64c671. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.ec64c671] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3c78a9f2] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 37d39b05e..a30c25948 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 - istio.io/istio v0.0.0-20260129045944-ec64c6713f21 + istio.io/istio v0.0.0-20260129194645-3c78a9f2c76c k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 7e4d03229..2be8878ca 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 h1:4CfBKcddlIEBA6rOMn istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 h1:FFx8zZzGLXiKSh+8fZ55DyZ9Dxrgm5yIZQC288zTXJI= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6/go.mod h1:xyne+dIQweP+ILjaTFIOQ4Dz01X46xUbVgA0oYTAs5Y= -istio.io/istio v0.0.0-20260129045944-ec64c6713f21 h1:PFjUnkoD0POzu99ITeDByFYisQzrvyR62MWOEpteXys= -istio.io/istio v0.0.0-20260129045944-ec64c6713f21/go.mod h1:PRKQ+jbHvK9zbO5lgOTXxrScyyLlfp9daydPe8mcGiI= +istio.io/istio v0.0.0-20260129194645-3c78a9f2c76c h1:3bC8wuiNe1h7trEbZUNaXMmIkagKVTPJXzZSQ7pEgRw= +istio.io/istio v0.0.0-20260129194645-3c78a9f2c76c/go.mod h1:PRKQ+jbHvK9zbO5lgOTXxrScyyLlfp9daydPe8mcGiI= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 54c9ee1c1..626fe1e42 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.ec64c671 - - name: v1.30-alpha.ec64c671 - version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + ref: v1.30-alpha.3c78a9f2 + - name: v1.30-alpha.3c78a9f2 + version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d repo: https://github.com/istio/istio branch: master - commit: ec64c6713f2147b3530261d4bb5a57278bfe3c40 + commit: 3c78a9f2c76caf2b751054a3ae7ac086a10bae5d charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40/helm/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz diff --git a/resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag new file mode 100644 index 000000000..fe49c48b5 --- /dev/null +++ b/resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag @@ -0,0 +1 @@ +5a8da0d6fb628eecd59407d3381df06f diff --git a/resources/v1.30-alpha.ec64c671/charts/base/Chart.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.ec64c671/charts/base/Chart.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/Chart.yaml index 7e6b3c68c..69b23da77 100644 --- a/resources/v1.30-alpha.ec64c671/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d diff --git a/resources/v1.30-alpha.ec64c671/charts/base/README.md b/resources/v1.30-alpha.3c78a9f2/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/README.md rename to resources/v1.30-alpha.3c78a9f2/charts/base/README.md diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.3c78a9f2/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.3c78a9f2/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/base/values.yaml b/resources/v1.30-alpha.3c78a9f2/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/base/values.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/base/values.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/Chart.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.ec64c671/charts/cni/Chart.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/Chart.yaml index dc1e7956d..d1cd7c258 100644 --- a/resources/v1.30-alpha.ec64c671/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/README.md b/resources/v1.30-alpha.3c78a9f2/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/README.md rename to resources/v1.30-alpha.3c78a9f2/charts/cni/README.md diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/cni/values.yaml b/resources/v1.30-alpha.3c78a9f2/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.ec64c671/charts/cni/values.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/cni/values.yaml index 69913a5d2..99c54e783 100644 --- a/resources/v1.30-alpha.ec64c671/charts/cni/values.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/Chart.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.ec64c671/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/Chart.yaml index 260e4a4c3..8709b2e18 100644 --- a/resources/v1.30-alpha.ec64c671/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/README.md b/resources/v1.30-alpha.3c78a9f2/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/README.md rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/README.md diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/values.schema.json b/resources/v1.30-alpha.3c78a9f2/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/values.schema.json rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.ec64c671/charts/gateway/values.yaml b/resources/v1.30-alpha.3c78a9f2/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/gateway/values.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/Chart.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.ec64c671/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/Chart.yaml index 8ffcc7cec..92beeb7ba 100644 --- a/resources/v1.30-alpha.ec64c671/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/README.md b/resources/v1.30-alpha.3c78a9f2/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/README.md rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/README.md diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/istiod/values.yaml b/resources/v1.30-alpha.3c78a9f2/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.ec64c671/charts/istiod/values.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/istiod/values.yaml index 733cb4c94..fbfb3e378 100644 --- a/resources/v1.30-alpha.ec64c671/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/Chart.yaml index 1736ea48a..8744cf703 100644 --- a/resources/v1.30-alpha.ec64c671/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/revisiontags/values.yaml b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.ec64c671/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/revisiontags/values.yaml index 733cb4c94..fbfb3e378 100644 --- a/resources/v1.30-alpha.ec64c671/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/Chart.yaml index 619ffdac3..dde9c5f58 100644 --- a/resources/v1.30-alpha.ec64c671/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 +version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/README.md b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/README.md rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.ec64c671/charts/ztunnel/values.yaml b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.ec64c671/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.3c78a9f2/charts/ztunnel/values.yaml index ae08d5dae..56b6787ed 100644 --- a/resources/v1.30-alpha.ec64c671/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40 + tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag new file mode 100644 index 000000000..cb12517cb --- /dev/null +++ b/resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag @@ -0,0 +1 @@ +ae708054ea96e6e47a41449fc236e4aa diff --git a/resources/v1.30-alpha.3c78a9f2/commit b/resources/v1.30-alpha.3c78a9f2/commit new file mode 100644 index 000000000..5da31d5d9 --- /dev/null +++ b/resources/v1.30-alpha.3c78a9f2/commit @@ -0,0 +1 @@ +3c78a9f2c76caf2b751054a3ae7ac086a10bae5d diff --git a/resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag new file mode 100644 index 000000000..b7ae4644f --- /dev/null +++ b/resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag @@ -0,0 +1 @@ +8660a1fe537bdef6a624bc7f60f2b7bf diff --git a/resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag new file mode 100644 index 000000000..82792d9ec --- /dev/null +++ b/resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag @@ -0,0 +1 @@ +c71debd083b96bd02b74014681a4cef3 diff --git a/resources/v1.30-alpha.ec64c671/profiles/ambient.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/default.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/default.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/default.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/demo.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/demo.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/demo.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/empty.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/empty.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/empty.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/openshift.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/openshift.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/preview.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/preview.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/preview.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/remote.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/remote.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/remote.yaml diff --git a/resources/v1.30-alpha.ec64c671/profiles/stable.yaml b/resources/v1.30-alpha.3c78a9f2/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.ec64c671/profiles/stable.yaml rename to resources/v1.30-alpha.3c78a9f2/profiles/stable.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag new file mode 100644 index 000000000..26a314d07 --- /dev/null +++ b/resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag @@ -0,0 +1 @@ +c7326763ac2be073623115ec8ccda8a7 diff --git a/resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag deleted file mode 100644 index 4cb35cc01..000000000 --- a/resources/v1.30-alpha.ec64c671/base-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -13bbae924831cfdfed5fea797ee0037f diff --git a/resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag deleted file mode 100644 index e982aef95..000000000 --- a/resources/v1.30-alpha.ec64c671/cni-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ad9d83fb80ba1f037cc5a1d1cc11163e diff --git a/resources/v1.30-alpha.ec64c671/commit b/resources/v1.30-alpha.ec64c671/commit deleted file mode 100644 index 05165f3c0..000000000 --- a/resources/v1.30-alpha.ec64c671/commit +++ /dev/null @@ -1 +0,0 @@ -ec64c6713f2147b3530261d4bb5a57278bfe3c40 diff --git a/resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag deleted file mode 100644 index cafe901a8..000000000 --- a/resources/v1.30-alpha.ec64c671/gateway-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -9468db88e57f702e13c02b008e55daff diff --git a/resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag deleted file mode 100644 index 3aecaba35..000000000 --- a/resources/v1.30-alpha.ec64c671/istiod-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -848d87264c171a269187c75054255e9b diff --git a/resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag b/resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag deleted file mode 100644 index cd46dcaae..000000000 --- a/resources/v1.30-alpha.ec64c671/ztunnel-1.30-alpha.ec64c6713f2147b3530261d4bb5a57278bfe3c40.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -3c4ff03da731af06fbffbefe445daef1 From 0413fa8114c917365437caf2f3e8498e8777b955 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sat, 31 Jan 2026 00:37:44 -0500 Subject: [PATCH 19/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1558) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 - ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 - resources/v1.30-alpha.3c78a9f2/commit | 1 - ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 - ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 - ...2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag | 1 - ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 + resources/v1.30-alpha.6b645426/commit | 1 + ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 + ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 + 221 files changed, 92 insertions(+), 92 deletions(-) delete mode 100644 resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag delete mode 100644 resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag delete mode 100644 resources/v1.30-alpha.3c78a9f2/commit delete mode 100644 resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag delete mode 100644 resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag delete mode 100644 resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag create mode 100644 resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/README.md (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag create mode 100644 resources/v1.30-alpha.6b645426/commit create mode 100644 resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag create mode 100644 resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.3c78a9f2 => v1.30-alpha.6b645426}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 9b73f7b23..49ae0ce85 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3c78a9f2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.6b645426 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 2f5ec928b..245a5bc91 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.3c78a9f2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.6b645426 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index b5cbd291b..283cebed9 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.3c78a9f2 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.6b645426 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 2681bb722..0ccc03f63 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3c78a9f2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.6b645426 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index b350ee3f5..d078b8185 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.3c78a9f2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.6b645426 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 928767782..aa8ba2a9a 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-30T05:21:57Z" + createdAt: "2026-01-31T05:18:11Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.3c78a9f2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_3c78a9f2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d - images.v1_30-alpha_3c78a9f2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d - images.v1_30-alpha_3c78a9f2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d - images.v1_30-alpha_3c78a9f2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_6b645426.cni: gcr.io/istio-testing/install-cni:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_6b645426.istiod: gcr.io/istio-testing/pilot:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_6b645426.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_6b645426.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index c622e82a0..d51f8a2f0 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 26281febf..a7059091a 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 883499717..bf6fcade4 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index e461c7673..f0c1ec414 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index cce6be775..251aa04f1 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index b1db5764d..dfa67e457 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index e1512e6df..e8560032a 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 3db9e4fcd..a5ef9dbba 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 73ab0ce91..6de420292 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_3c78a9f2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d - images.v1_30-alpha_3c78a9f2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d - images.v1_30-alpha_3c78a9f2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d - images.v1_30-alpha_3c78a9f2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + images.v1_30-alpha_6b645426.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_6b645426.istiod: gcr.io/istio-testing/pilot:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_6b645426.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_6b645426.cni: gcr.io/istio-testing/install-cni:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.3c78a9f2 + - v1.30-alpha.6b645426 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index c5ed75119..70ed3b78a 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3c78a9f2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.6b645426] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.3c78a9f2. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.3c78a9f2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.6b645426] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.3c78a9f2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.6b645426] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3c78a9f2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.6b645426] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.3c78a9f2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.3c78a9f2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.6b645426] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index a30c25948..af55faa39 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 - istio.io/istio v0.0.0-20260129194645-3c78a9f2c76c + istio.io/istio v0.0.0-20260130152545-6b64542698a3 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 2be8878ca..814d3319e 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 h1:4CfBKcddlIEBA6rOMn istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 h1:FFx8zZzGLXiKSh+8fZ55DyZ9Dxrgm5yIZQC288zTXJI= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6/go.mod h1:xyne+dIQweP+ILjaTFIOQ4Dz01X46xUbVgA0oYTAs5Y= -istio.io/istio v0.0.0-20260129194645-3c78a9f2c76c h1:3bC8wuiNe1h7trEbZUNaXMmIkagKVTPJXzZSQ7pEgRw= -istio.io/istio v0.0.0-20260129194645-3c78a9f2c76c/go.mod h1:PRKQ+jbHvK9zbO5lgOTXxrScyyLlfp9daydPe8mcGiI= +istio.io/istio v0.0.0-20260130152545-6b64542698a3 h1:Aowhg21KGDs4QssUraUnjt9ZcWZUH+ljdc1Rf6mYGzs= +istio.io/istio v0.0.0-20260130152545-6b64542698a3/go.mod h1:PRKQ+jbHvK9zbO5lgOTXxrScyyLlfp9daydPe8mcGiI= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 626fe1e42..77e6350ce 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.3c78a9f2 - - name: v1.30-alpha.3c78a9f2 - version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + ref: v1.30-alpha.6b645426 + - name: v1.30-alpha.6b645426 + version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b repo: https://github.com/istio/istio branch: master - commit: 3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + commit: 6b64542698a31ee8f735d185ef733897cfd3c68b charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d/helm/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz diff --git a/resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag deleted file mode 100644 index fe49c48b5..000000000 --- a/resources/v1.30-alpha.3c78a9f2/base-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5a8da0d6fb628eecd59407d3381df06f diff --git a/resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag deleted file mode 100644 index cb12517cb..000000000 --- a/resources/v1.30-alpha.3c78a9f2/cni-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ae708054ea96e6e47a41449fc236e4aa diff --git a/resources/v1.30-alpha.3c78a9f2/commit b/resources/v1.30-alpha.3c78a9f2/commit deleted file mode 100644 index 5da31d5d9..000000000 --- a/resources/v1.30-alpha.3c78a9f2/commit +++ /dev/null @@ -1 +0,0 @@ -3c78a9f2c76caf2b751054a3ae7ac086a10bae5d diff --git a/resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag deleted file mode 100644 index b7ae4644f..000000000 --- a/resources/v1.30-alpha.3c78a9f2/gateway-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -8660a1fe537bdef6a624bc7f60f2b7bf diff --git a/resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag deleted file mode 100644 index 82792d9ec..000000000 --- a/resources/v1.30-alpha.3c78a9f2/istiod-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c71debd083b96bd02b74014681a4cef3 diff --git a/resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag b/resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag deleted file mode 100644 index 26a314d07..000000000 --- a/resources/v1.30-alpha.3c78a9f2/ztunnel-1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c7326763ac2be073623115ec8ccda8a7 diff --git a/resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag new file mode 100644 index 000000000..61ffacc59 --- /dev/null +++ b/resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag @@ -0,0 +1 @@ +1ff5e5acfb6f522e9c2ab3a84c8e6ded diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/Chart.yaml b/resources/v1.30-alpha.6b645426/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.3c78a9f2/charts/base/Chart.yaml rename to resources/v1.30-alpha.6b645426/charts/base/Chart.yaml index 69b23da77..4524d7c32 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.6b645426/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/README.md b/resources/v1.30-alpha.6b645426/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/README.md rename to resources/v1.30-alpha.6b645426/charts/base/README.md diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.6b645426/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.6b645426/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.6b645426/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.6b645426/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.6b645426/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.6b645426/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.6b645426/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.6b645426/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/base/values.yaml b/resources/v1.30-alpha.6b645426/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/base/values.yaml rename to resources/v1.30-alpha.6b645426/charts/base/values.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/Chart.yaml b/resources/v1.30-alpha.6b645426/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/Chart.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/Chart.yaml index d1cd7c258..24eece363 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.6b645426/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/README.md b/resources/v1.30-alpha.6b645426/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/README.md rename to resources/v1.30-alpha.6b645426/charts/cni/README.md diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.6b645426/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.6b645426/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.6b645426/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.6b645426/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.6b645426/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.6b645426/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/cni/values.yaml b/resources/v1.30-alpha.6b645426/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.3c78a9f2/charts/cni/values.yaml rename to resources/v1.30-alpha.6b645426/charts/cni/values.yaml index 99c54e783..b01a0e7a7 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/cni/values.yaml +++ b/resources/v1.30-alpha.6b645426/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/Chart.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/Chart.yaml index 8709b2e18..2b011e3d5 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.6b645426/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/README.md b/resources/v1.30-alpha.6b645426/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/README.md rename to resources/v1.30-alpha.6b645426/charts/gateway/README.md diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.6b645426/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.6b645426/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/values.schema.json b/resources/v1.30-alpha.6b645426/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/values.schema.json rename to resources/v1.30-alpha.6b645426/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.3c78a9f2/charts/gateway/values.yaml b/resources/v1.30-alpha.6b645426/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/gateway/values.yaml rename to resources/v1.30-alpha.6b645426/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/Chart.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/Chart.yaml index 92beeb7ba..da03c7e83 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.6b645426/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/README.md b/resources/v1.30-alpha.6b645426/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/README.md rename to resources/v1.30-alpha.6b645426/charts/istiod/README.md diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.6b645426/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.6b645426/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/istiod/values.yaml b/resources/v1.30-alpha.6b645426/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.3c78a9f2/charts/istiod/values.yaml rename to resources/v1.30-alpha.6b645426/charts/istiod/values.yaml index fbfb3e378..a1db2619c 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.6b645426/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/Chart.yaml index 8744cf703..1873c2d0b 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.6b645426/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/values.yaml b/resources/v1.30-alpha.6b645426/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.3c78a9f2/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.6b645426/charts/revisiontags/values.yaml index fbfb3e378..a1db2619c 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.6b645426/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/Chart.yaml index dde9c5f58..96947b304 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.6b645426/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d +version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/README.md b/resources/v1.30-alpha.6b645426/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/README.md rename to resources/v1.30-alpha.6b645426/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/values.yaml b/resources/v1.30-alpha.6b645426/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.3c78a9f2/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.6b645426/charts/ztunnel/values.yaml index 56b6787ed..150295560 100644 --- a/resources/v1.30-alpha.3c78a9f2/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.6b645426/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.3c78a9f2c76caf2b751054a3ae7ac086a10bae5d + tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag new file mode 100644 index 000000000..b6a75521b --- /dev/null +++ b/resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag @@ -0,0 +1 @@ +61a24a71440f702db0daa5c7492b9a78 diff --git a/resources/v1.30-alpha.6b645426/commit b/resources/v1.30-alpha.6b645426/commit new file mode 100644 index 000000000..6024a6856 --- /dev/null +++ b/resources/v1.30-alpha.6b645426/commit @@ -0,0 +1 @@ +6b64542698a31ee8f735d185ef733897cfd3c68b diff --git a/resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag new file mode 100644 index 000000000..560a63621 --- /dev/null +++ b/resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag @@ -0,0 +1 @@ +a5ece277db3e7c5bb270898cd33bcfeb diff --git a/resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag new file mode 100644 index 000000000..8ca35ca1c --- /dev/null +++ b/resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag @@ -0,0 +1 @@ +ef347c3ba5844a02bc82ab7124a1d372 diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/ambient.yaml b/resources/v1.30-alpha.6b645426/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/ambient.yaml rename to resources/v1.30-alpha.6b645426/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/default.yaml b/resources/v1.30-alpha.6b645426/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/default.yaml rename to resources/v1.30-alpha.6b645426/profiles/default.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/demo.yaml b/resources/v1.30-alpha.6b645426/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/demo.yaml rename to resources/v1.30-alpha.6b645426/profiles/demo.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/empty.yaml b/resources/v1.30-alpha.6b645426/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/empty.yaml rename to resources/v1.30-alpha.6b645426/profiles/empty.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.6b645426/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.6b645426/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/openshift.yaml b/resources/v1.30-alpha.6b645426/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/openshift.yaml rename to resources/v1.30-alpha.6b645426/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/preview.yaml b/resources/v1.30-alpha.6b645426/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/preview.yaml rename to resources/v1.30-alpha.6b645426/profiles/preview.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/remote.yaml b/resources/v1.30-alpha.6b645426/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/remote.yaml rename to resources/v1.30-alpha.6b645426/profiles/remote.yaml diff --git a/resources/v1.30-alpha.3c78a9f2/profiles/stable.yaml b/resources/v1.30-alpha.6b645426/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.3c78a9f2/profiles/stable.yaml rename to resources/v1.30-alpha.6b645426/profiles/stable.yaml diff --git a/resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag new file mode 100644 index 000000000..bdac6c5fb --- /dev/null +++ b/resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag @@ -0,0 +1 @@ +9ff1ea9c0f9c153b8c412c13b815d782 From 30dd0fe0f4ca228ba5d06cca586bebdc6815f6f7 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sun, 1 Feb 2026 00:50:33 -0500 Subject: [PATCH 20/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1559) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 - ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 - resources/v1.30-alpha.6b645426/commit | 1 - ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 - ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 - ...698a31ee8f735d185ef733897cfd3c68b.tgz.etag | 1 - ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 + resources/v1.30-alpha.a3b3111f/commit | 1 + ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 + ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 + 221 files changed, 92 insertions(+), 92 deletions(-) delete mode 100644 resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag delete mode 100644 resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag delete mode 100644 resources/v1.30-alpha.6b645426/commit delete mode 100644 resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag delete mode 100644 resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag delete mode 100644 resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag create mode 100644 resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/README.md (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag create mode 100644 resources/v1.30-alpha.a3b3111f/commit create mode 100644 resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag create mode 100644 resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.6b645426 => v1.30-alpha.a3b3111f}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 49ae0ce85..42b0fd778 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.6b645426 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a3b3111f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 245a5bc91..2719bc78e 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.6b645426 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a3b3111f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 283cebed9..2685a994b 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.6b645426 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.a3b3111f Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 0ccc03f63..e6ef295de 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.6b645426 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a3b3111f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index d078b8185..b541e79ea 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.6b645426 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a3b3111f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index aa8ba2a9a..0ddc48407 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-01-31T05:18:11Z" + createdAt: "2026-02-01T05:30:22Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.6b645426 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_6b645426.cni: gcr.io/istio-testing/install-cni:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b - images.v1_30-alpha_6b645426.istiod: gcr.io/istio-testing/pilot:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b - images.v1_30-alpha_6b645426.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b - images.v1_30-alpha_6b645426.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_a3b3111f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_a3b3111f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_a3b3111f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_a3b3111f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index d51f8a2f0..142241d62 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index a7059091a..c7c4db33d 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index bf6fcade4..f6349dcfb 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index f0c1ec414..30ab26df8 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 251aa04f1..02c978462 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index dfa67e457..60c4a26ec 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index e8560032a..7324c7a81 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index a5ef9dbba..a32897c7d 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 6de420292..4a7116ffb 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_6b645426.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b - images.v1_30-alpha_6b645426.istiod: gcr.io/istio-testing/pilot:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b - images.v1_30-alpha_6b645426.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b - images.v1_30-alpha_6b645426.cni: gcr.io/istio-testing/install-cni:1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + images.v1_30-alpha_a3b3111f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_a3b3111f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_a3b3111f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_a3b3111f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.6b645426 + - v1.30-alpha.a3b3111f [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 70ed3b78a..54701f485 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.6b645426] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a3b3111f] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.6b645426. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.6b645426] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.a3b3111f] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.6b645426] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a3b3111f] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.6b645426] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a3b3111f] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.6b645426. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.6b645426] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a3b3111f] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index af55faa39..2c7293411 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 - istio.io/istio v0.0.0-20260130152545-6b64542698a3 + istio.io/istio v0.0.0-20260201024933-a3b3111f4716 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 814d3319e..720deea4a 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 h1:4CfBKcddlIEBA6rOMn istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 h1:FFx8zZzGLXiKSh+8fZ55DyZ9Dxrgm5yIZQC288zTXJI= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6/go.mod h1:xyne+dIQweP+ILjaTFIOQ4Dz01X46xUbVgA0oYTAs5Y= -istio.io/istio v0.0.0-20260130152545-6b64542698a3 h1:Aowhg21KGDs4QssUraUnjt9ZcWZUH+ljdc1Rf6mYGzs= -istio.io/istio v0.0.0-20260130152545-6b64542698a3/go.mod h1:PRKQ+jbHvK9zbO5lgOTXxrScyyLlfp9daydPe8mcGiI= +istio.io/istio v0.0.0-20260201024933-a3b3111f4716 h1:WKLUd9cYRiJ4ZWo8zjGXap479sP5cNCkwVScbDflhXc= +istio.io/istio v0.0.0-20260201024933-a3b3111f4716/go.mod h1:s7QytkVMNlO/Lc9cY3zZdhsJ5znUnGxj08IOZTgU0Vk= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 77e6350ce..7e9f7bc0c 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.6b645426 - - name: v1.30-alpha.6b645426 - version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + ref: v1.30-alpha.a3b3111f + - name: v1.30-alpha.a3b3111f + version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a repo: https://github.com/istio/istio branch: master - commit: 6b64542698a31ee8f735d185ef733897cfd3c68b + commit: a3b3111f47165267e876b4236dc8acf7ee98ce3a charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b/helm/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz diff --git a/resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag deleted file mode 100644 index 61ffacc59..000000000 --- a/resources/v1.30-alpha.6b645426/base-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -1ff5e5acfb6f522e9c2ab3a84c8e6ded diff --git a/resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag deleted file mode 100644 index b6a75521b..000000000 --- a/resources/v1.30-alpha.6b645426/cni-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -61a24a71440f702db0daa5c7492b9a78 diff --git a/resources/v1.30-alpha.6b645426/commit b/resources/v1.30-alpha.6b645426/commit deleted file mode 100644 index 6024a6856..000000000 --- a/resources/v1.30-alpha.6b645426/commit +++ /dev/null @@ -1 +0,0 @@ -6b64542698a31ee8f735d185ef733897cfd3c68b diff --git a/resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag deleted file mode 100644 index 560a63621..000000000 --- a/resources/v1.30-alpha.6b645426/gateway-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -a5ece277db3e7c5bb270898cd33bcfeb diff --git a/resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag deleted file mode 100644 index 8ca35ca1c..000000000 --- a/resources/v1.30-alpha.6b645426/istiod-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ef347c3ba5844a02bc82ab7124a1d372 diff --git a/resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag b/resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag deleted file mode 100644 index bdac6c5fb..000000000 --- a/resources/v1.30-alpha.6b645426/ztunnel-1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -9ff1ea9c0f9c153b8c412c13b815d782 diff --git a/resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag new file mode 100644 index 000000000..044f4c62f --- /dev/null +++ b/resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag @@ -0,0 +1 @@ +d583b89728486938d11e8b57778d0dff diff --git a/resources/v1.30-alpha.6b645426/charts/base/Chart.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.6b645426/charts/base/Chart.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/Chart.yaml index 4524d7c32..5c1b78b15 100644 --- a/resources/v1.30-alpha.6b645426/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a diff --git a/resources/v1.30-alpha.6b645426/charts/base/README.md b/resources/v1.30-alpha.a3b3111f/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/README.md rename to resources/v1.30-alpha.a3b3111f/charts/base/README.md diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.a3b3111f/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.a3b3111f/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/base/values.yaml b/resources/v1.30-alpha.a3b3111f/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/base/values.yaml rename to resources/v1.30-alpha.a3b3111f/charts/base/values.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/Chart.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.6b645426/charts/cni/Chart.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/Chart.yaml index 24eece363..c37796e52 100644 --- a/resources/v1.30-alpha.6b645426/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a diff --git a/resources/v1.30-alpha.6b645426/charts/cni/README.md b/resources/v1.30-alpha.a3b3111f/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/README.md rename to resources/v1.30-alpha.a3b3111f/charts/cni/README.md diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/cni/values.yaml b/resources/v1.30-alpha.a3b3111f/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.6b645426/charts/cni/values.yaml rename to resources/v1.30-alpha.a3b3111f/charts/cni/values.yaml index b01a0e7a7..9a2db9e02 100644 --- a/resources/v1.30-alpha.6b645426/charts/cni/values.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/Chart.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.6b645426/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/Chart.yaml index 2b011e3d5..fa4cb3e91 100644 --- a/resources/v1.30-alpha.6b645426/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/README.md b/resources/v1.30-alpha.a3b3111f/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/README.md rename to resources/v1.30-alpha.a3b3111f/charts/gateway/README.md diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/values.schema.json b/resources/v1.30-alpha.a3b3111f/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/values.schema.json rename to resources/v1.30-alpha.a3b3111f/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.6b645426/charts/gateway/values.yaml b/resources/v1.30-alpha.a3b3111f/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/gateway/values.yaml rename to resources/v1.30-alpha.a3b3111f/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/Chart.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.6b645426/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/Chart.yaml index da03c7e83..1670a49cc 100644 --- a/resources/v1.30-alpha.6b645426/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/README.md b/resources/v1.30-alpha.a3b3111f/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/README.md rename to resources/v1.30-alpha.a3b3111f/charts/istiod/README.md diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/istiod/values.yaml b/resources/v1.30-alpha.a3b3111f/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.6b645426/charts/istiod/values.yaml rename to resources/v1.30-alpha.a3b3111f/charts/istiod/values.yaml index a1db2619c..42e1182c6 100644 --- a/resources/v1.30-alpha.6b645426/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/Chart.yaml index 1873c2d0b..2e389cfd1 100644 --- a/resources/v1.30-alpha.6b645426/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/revisiontags/values.yaml b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.6b645426/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.a3b3111f/charts/revisiontags/values.yaml index a1db2619c..42e1182c6 100644 --- a/resources/v1.30-alpha.6b645426/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/Chart.yaml index 96947b304..79c162c92 100644 --- a/resources/v1.30-alpha.6b645426/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b +version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/README.md b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/README.md rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.6b645426/charts/ztunnel/values.yaml b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.6b645426/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.a3b3111f/charts/ztunnel/values.yaml index 150295560..d7e2f03e0 100644 --- a/resources/v1.30-alpha.6b645426/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.a3b3111f/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.6b64542698a31ee8f735d185ef733897cfd3c68b + tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag new file mode 100644 index 000000000..3378201cf --- /dev/null +++ b/resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag @@ -0,0 +1 @@ +ee841bea07ad2a1b92f95585a8386bf4 diff --git a/resources/v1.30-alpha.a3b3111f/commit b/resources/v1.30-alpha.a3b3111f/commit new file mode 100644 index 000000000..d81801eb1 --- /dev/null +++ b/resources/v1.30-alpha.a3b3111f/commit @@ -0,0 +1 @@ +a3b3111f47165267e876b4236dc8acf7ee98ce3a diff --git a/resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag new file mode 100644 index 000000000..17ab31ac0 --- /dev/null +++ b/resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag @@ -0,0 +1 @@ +5f4be49a061dd9f84f0e2fb0b71b5c72 diff --git a/resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag new file mode 100644 index 000000000..ff98476de --- /dev/null +++ b/resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag @@ -0,0 +1 @@ +2f48280e0845d9e266a8602edb3b1393 diff --git a/resources/v1.30-alpha.6b645426/profiles/ambient.yaml b/resources/v1.30-alpha.a3b3111f/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/ambient.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/default.yaml b/resources/v1.30-alpha.a3b3111f/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/default.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/default.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/demo.yaml b/resources/v1.30-alpha.a3b3111f/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/demo.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/demo.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/empty.yaml b/resources/v1.30-alpha.a3b3111f/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/empty.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/empty.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.a3b3111f/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/openshift.yaml b/resources/v1.30-alpha.a3b3111f/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/openshift.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/preview.yaml b/resources/v1.30-alpha.a3b3111f/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/preview.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/preview.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/remote.yaml b/resources/v1.30-alpha.a3b3111f/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/remote.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/remote.yaml diff --git a/resources/v1.30-alpha.6b645426/profiles/stable.yaml b/resources/v1.30-alpha.a3b3111f/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.6b645426/profiles/stable.yaml rename to resources/v1.30-alpha.a3b3111f/profiles/stable.yaml diff --git a/resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag new file mode 100644 index 000000000..5bac3afcb --- /dev/null +++ b/resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag @@ -0,0 +1 @@ +08c3e7245b01280f0a314b7fa1a5c532 From 857518b93b16212908d5479efa057998101a8dae Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Mon, 2 Feb 2026 00:50:34 -0500 Subject: [PATCH 21/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1560) Signed-off-by: openshift-service-mesh-bot --- Makefile.core.mk | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 - ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 - resources/v1.30-alpha.a3b3111f/commit | 1 - ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 - ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 - ...f47165267e876b4236dc8acf7ee98ce3a.tgz.etag | 1 - ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 + resources/v1.30-alpha.eed996de/commit | 1 + ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 + ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 + 222 files changed, 93 insertions(+), 93 deletions(-) delete mode 100644 resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag delete mode 100644 resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag delete mode 100644 resources/v1.30-alpha.a3b3111f/commit delete mode 100644 resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag delete mode 100644 resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag delete mode 100644 resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag create mode 100644 resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/README.md (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag create mode 100644 resources/v1.30-alpha.eed996de/commit create mode 100644 resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag create mode 100644 resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.a3b3111f => v1.30-alpha.eed996de}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag diff --git a/Makefile.core.mk b/Makefile.core.mk index c4e7296d7..e0507f79a 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -575,7 +575,7 @@ OPM_VERSION ?= v1.62.0 OLM_VERSION ?= v0.39.0 GITLEAKS_VERSION ?= v8.30.0 ISTIOCTL_VERSION ?= 1.26.2 -RUNME_VERSION ?= 3.16.4 +RUNME_VERSION ?= 3.16.5 MISSPELL_VERSION ?= v0.3.4 .PHONY: helm $(HELM) diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 42b0fd778..7cca5a953 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a3b3111f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eed996de // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 2719bc78e..0f501add1 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a3b3111f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eed996de // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 2685a994b..0474fa3dd 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.a3b3111f + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.eed996de Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index e6ef295de..1f400addc 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a3b3111f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eed996de // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index b541e79ea..4fe09e87d 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a3b3111f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eed996de // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 0ddc48407..630f0774d 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-01T05:30:22Z" + createdAt: "2026-02-02T05:32:00Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a3b3111f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_a3b3111f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a - images.v1_30-alpha_a3b3111f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a - images.v1_30-alpha_a3b3111f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a - images.v1_30-alpha_a3b3111f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_eed996de.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_eed996de.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_eed996de.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_eed996de.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 142241d62..1479c3563 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index c7c4db33d..cb3802247 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index f6349dcfb..dc8ea3c1c 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 30ab26df8..3d29de6f2 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 02c978462..91c457548 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 60c4a26ec..4cef9a2cf 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 7324c7a81..5917c1663 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index a32897c7d..91b48690a 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 4a7116ffb..bfac96658 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_a3b3111f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a - images.v1_30-alpha_a3b3111f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a - images.v1_30-alpha_a3b3111f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a - images.v1_30-alpha_a3b3111f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + images.v1_30-alpha_eed996de.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_eed996de.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_eed996de.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_eed996de.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.a3b3111f + - v1.30-alpha.eed996de [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 54701f485..1146494e0 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a3b3111f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eed996de] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a3b3111f. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.a3b3111f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.eed996de] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a3b3111f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eed996de] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a3b3111f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eed996de] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a3b3111f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a3b3111f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eed996de] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 2c7293411..210b38129 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 - istio.io/istio v0.0.0-20260201024933-a3b3111f4716 + istio.io/istio v0.0.0-20260202003434-eed996de8e84 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 720deea4a..11f2213ed 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 h1:4CfBKcddlIEBA6rOMn istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 h1:FFx8zZzGLXiKSh+8fZ55DyZ9Dxrgm5yIZQC288zTXJI= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6/go.mod h1:xyne+dIQweP+ILjaTFIOQ4Dz01X46xUbVgA0oYTAs5Y= -istio.io/istio v0.0.0-20260201024933-a3b3111f4716 h1:WKLUd9cYRiJ4ZWo8zjGXap479sP5cNCkwVScbDflhXc= -istio.io/istio v0.0.0-20260201024933-a3b3111f4716/go.mod h1:s7QytkVMNlO/Lc9cY3zZdhsJ5znUnGxj08IOZTgU0Vk= +istio.io/istio v0.0.0-20260202003434-eed996de8e84 h1:l+BAK75XYkbR0GdQUUDUdjXjMcbW0o4wwNkUY7nfFek= +istio.io/istio v0.0.0-20260202003434-eed996de8e84/go.mod h1:s7QytkVMNlO/Lc9cY3zZdhsJ5znUnGxj08IOZTgU0Vk= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 7e9f7bc0c..92d4d8014 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.a3b3111f - - name: v1.30-alpha.a3b3111f - version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + ref: v1.30-alpha.eed996de + - name: v1.30-alpha.eed996de + version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa repo: https://github.com/istio/istio branch: master - commit: a3b3111f47165267e876b4236dc8acf7ee98ce3a + commit: eed996de8e84d7a3cd62417214e27b38300efdfa charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a/helm/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz diff --git a/resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag deleted file mode 100644 index 044f4c62f..000000000 --- a/resources/v1.30-alpha.a3b3111f/base-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -d583b89728486938d11e8b57778d0dff diff --git a/resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag deleted file mode 100644 index 3378201cf..000000000 --- a/resources/v1.30-alpha.a3b3111f/cni-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ee841bea07ad2a1b92f95585a8386bf4 diff --git a/resources/v1.30-alpha.a3b3111f/commit b/resources/v1.30-alpha.a3b3111f/commit deleted file mode 100644 index d81801eb1..000000000 --- a/resources/v1.30-alpha.a3b3111f/commit +++ /dev/null @@ -1 +0,0 @@ -a3b3111f47165267e876b4236dc8acf7ee98ce3a diff --git a/resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag deleted file mode 100644 index 17ab31ac0..000000000 --- a/resources/v1.30-alpha.a3b3111f/gateway-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5f4be49a061dd9f84f0e2fb0b71b5c72 diff --git a/resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag deleted file mode 100644 index ff98476de..000000000 --- a/resources/v1.30-alpha.a3b3111f/istiod-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -2f48280e0845d9e266a8602edb3b1393 diff --git a/resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag b/resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag deleted file mode 100644 index 5bac3afcb..000000000 --- a/resources/v1.30-alpha.a3b3111f/ztunnel-1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -08c3e7245b01280f0a314b7fa1a5c532 diff --git a/resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag new file mode 100644 index 000000000..7bfd4d02a --- /dev/null +++ b/resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag @@ -0,0 +1 @@ +7ae9b116e8b1cf2d3358f366fab5dd68 diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/Chart.yaml b/resources/v1.30-alpha.eed996de/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a3b3111f/charts/base/Chart.yaml rename to resources/v1.30-alpha.eed996de/charts/base/Chart.yaml index 5c1b78b15..c806dfcc2 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.eed996de/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/README.md b/resources/v1.30-alpha.eed996de/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/README.md rename to resources/v1.30-alpha.eed996de/charts/base/README.md diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.eed996de/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.eed996de/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.eed996de/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.eed996de/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.eed996de/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.eed996de/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.eed996de/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eed996de/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/base/values.yaml b/resources/v1.30-alpha.eed996de/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/base/values.yaml rename to resources/v1.30-alpha.eed996de/charts/base/values.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/Chart.yaml b/resources/v1.30-alpha.eed996de/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.a3b3111f/charts/cni/Chart.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/Chart.yaml index c37796e52..498c0deed 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.eed996de/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/README.md b/resources/v1.30-alpha.eed996de/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/README.md rename to resources/v1.30-alpha.eed996de/charts/cni/README.md diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.eed996de/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.eed996de/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.eed996de/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.eed996de/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.eed996de/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.eed996de/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/cni/values.yaml b/resources/v1.30-alpha.eed996de/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.a3b3111f/charts/cni/values.yaml rename to resources/v1.30-alpha.eed996de/charts/cni/values.yaml index 9a2db9e02..0418d27df 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/cni/values.yaml +++ b/resources/v1.30-alpha.eed996de/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/Chart.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/Chart.yaml index fa4cb3e91..3cda0ae2b 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.eed996de/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/README.md b/resources/v1.30-alpha.eed996de/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/README.md rename to resources/v1.30-alpha.eed996de/charts/gateway/README.md diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.eed996de/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.eed996de/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/values.schema.json b/resources/v1.30-alpha.eed996de/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/values.schema.json rename to resources/v1.30-alpha.eed996de/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.a3b3111f/charts/gateway/values.yaml b/resources/v1.30-alpha.eed996de/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/gateway/values.yaml rename to resources/v1.30-alpha.eed996de/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/Chart.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/Chart.yaml index 1670a49cc..987616d2b 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.eed996de/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/README.md b/resources/v1.30-alpha.eed996de/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/README.md rename to resources/v1.30-alpha.eed996de/charts/istiod/README.md diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.eed996de/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.eed996de/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/istiod/values.yaml b/resources/v1.30-alpha.eed996de/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.a3b3111f/charts/istiod/values.yaml rename to resources/v1.30-alpha.eed996de/charts/istiod/values.yaml index 42e1182c6..ea8554c0e 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.eed996de/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/Chart.yaml index 2e389cfd1..fe17f1925 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.eed996de/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/values.yaml b/resources/v1.30-alpha.eed996de/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.a3b3111f/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.eed996de/charts/revisiontags/values.yaml index 42e1182c6..ea8554c0e 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.eed996de/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/Chart.yaml index 79c162c92..b9567a473 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.eed996de/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a +version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/README.md b/resources/v1.30-alpha.eed996de/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/README.md rename to resources/v1.30-alpha.eed996de/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/values.yaml b/resources/v1.30-alpha.eed996de/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.a3b3111f/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.eed996de/charts/ztunnel/values.yaml index d7e2f03e0..5cf5c7374 100644 --- a/resources/v1.30-alpha.a3b3111f/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.eed996de/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.a3b3111f47165267e876b4236dc8acf7ee98ce3a + tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag new file mode 100644 index 000000000..df12ec54b --- /dev/null +++ b/resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag @@ -0,0 +1 @@ +ca0cfb7ffae6d6a8df92a8e8c1e7cf70 diff --git a/resources/v1.30-alpha.eed996de/commit b/resources/v1.30-alpha.eed996de/commit new file mode 100644 index 000000000..e468c5b55 --- /dev/null +++ b/resources/v1.30-alpha.eed996de/commit @@ -0,0 +1 @@ +eed996de8e84d7a3cd62417214e27b38300efdfa diff --git a/resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag new file mode 100644 index 000000000..b88c2d8ad --- /dev/null +++ b/resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag @@ -0,0 +1 @@ +4a8446f2be970e0ea6c010ff69a2f536 diff --git a/resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag new file mode 100644 index 000000000..e7846d754 --- /dev/null +++ b/resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag @@ -0,0 +1 @@ +dcfcbefd7a8a17dcfccafbf896b8ce85 diff --git a/resources/v1.30-alpha.a3b3111f/profiles/ambient.yaml b/resources/v1.30-alpha.eed996de/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/ambient.yaml rename to resources/v1.30-alpha.eed996de/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/default.yaml b/resources/v1.30-alpha.eed996de/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/default.yaml rename to resources/v1.30-alpha.eed996de/profiles/default.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/demo.yaml b/resources/v1.30-alpha.eed996de/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/demo.yaml rename to resources/v1.30-alpha.eed996de/profiles/demo.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/empty.yaml b/resources/v1.30-alpha.eed996de/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/empty.yaml rename to resources/v1.30-alpha.eed996de/profiles/empty.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.eed996de/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.eed996de/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/openshift.yaml b/resources/v1.30-alpha.eed996de/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/openshift.yaml rename to resources/v1.30-alpha.eed996de/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/preview.yaml b/resources/v1.30-alpha.eed996de/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/preview.yaml rename to resources/v1.30-alpha.eed996de/profiles/preview.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/remote.yaml b/resources/v1.30-alpha.eed996de/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/remote.yaml rename to resources/v1.30-alpha.eed996de/profiles/remote.yaml diff --git a/resources/v1.30-alpha.a3b3111f/profiles/stable.yaml b/resources/v1.30-alpha.eed996de/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.a3b3111f/profiles/stable.yaml rename to resources/v1.30-alpha.eed996de/profiles/stable.yaml diff --git a/resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag new file mode 100644 index 000000000..03e297a7e --- /dev/null +++ b/resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag @@ -0,0 +1 @@ +5403316be000ea5da1b2ebcdee20db6c From 6b6c5bac5445d2d5d72667bb8c607ae838415d4c Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Tue, 3 Feb 2026 00:39:45 -0500 Subject: [PATCH 22/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1563) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 + resources/v1.30-alpha.a6c6f0b2/commit | 1 + ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 + ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 + ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 - ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 - resources/v1.30-alpha.eed996de/commit | 1 - ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 - ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 - ...e8e84d7a3cd62417214e27b38300efdfa.tgz.etag | 1 - 221 files changed, 92 insertions(+), 92 deletions(-) create mode 100644 resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/README.md (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag create mode 100644 resources/v1.30-alpha.a6c6f0b2/commit create mode 100644 resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag create mode 100644 resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.eed996de => v1.30-alpha.a6c6f0b2}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag delete mode 100644 resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag delete mode 100644 resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag delete mode 100644 resources/v1.30-alpha.eed996de/commit delete mode 100644 resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag delete mode 100644 resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag delete mode 100644 resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 7cca5a953..567a6b248 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eed996de + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a6c6f0b2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 0f501add1..3e33e87c9 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.eed996de + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a6c6f0b2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 0474fa3dd..4223cfcb2 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.eed996de + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.a6c6f0b2 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 1f400addc..4f7ae3699 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eed996de + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a6c6f0b2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 4fe09e87d..c6efd1e58 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.eed996de + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a6c6f0b2 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 630f0774d..535070080 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-02T05:32:00Z" + createdAt: "2026-02-03T05:25:31Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.eed996de + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_eed996de.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa - images.v1_30-alpha_eed996de.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa - images.v1_30-alpha_eed996de.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa - images.v1_30-alpha_eed996de.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_a6c6f0b2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_a6c6f0b2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_a6c6f0b2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_a6c6f0b2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 1479c3563..5a689f111 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index cb3802247..afd6aead6 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index dc8ea3c1c..389750081 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 3d29de6f2..62ed096cd 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 91c457548..e6d0a9338 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 4cef9a2cf..140034b91 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10122,7 +10122,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 5917c1663..de6250307 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10196,7 +10196,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 91b48690a..91e321574 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index bfac96658..4840659a7 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_eed996de.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa - images.v1_30-alpha_eed996de.istiod: gcr.io/istio-testing/pilot:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa - images.v1_30-alpha_eed996de.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa - images.v1_30-alpha_eed996de.cni: gcr.io/istio-testing/install-cni:1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + images.v1_30-alpha_a6c6f0b2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_a6c6f0b2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_a6c6f0b2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_a6c6f0b2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.eed996de + - v1.30-alpha.a6c6f0b2 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 1146494e0..9a9dc2680 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eed996de] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a6c6f0b2] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.eed996de. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.eed996de] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.a6c6f0b2] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.eed996de] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a6c6f0b2] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eed996de] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a6c6f0b2] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.eed996de. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.eed996de] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a6c6f0b2] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 210b38129..d43e2f84e 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 - istio.io/istio v0.0.0-20260202003434-eed996de8e84 + istio.io/istio v0.0.0-20260202143537-a6c6f0b2386a k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 11f2213ed..54b6d84c6 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 h1:4CfBKcddlIEBA6rOMn istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 h1:FFx8zZzGLXiKSh+8fZ55DyZ9Dxrgm5yIZQC288zTXJI= istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6/go.mod h1:xyne+dIQweP+ILjaTFIOQ4Dz01X46xUbVgA0oYTAs5Y= -istio.io/istio v0.0.0-20260202003434-eed996de8e84 h1:l+BAK75XYkbR0GdQUUDUdjXjMcbW0o4wwNkUY7nfFek= -istio.io/istio v0.0.0-20260202003434-eed996de8e84/go.mod h1:s7QytkVMNlO/Lc9cY3zZdhsJ5znUnGxj08IOZTgU0Vk= +istio.io/istio v0.0.0-20260202143537-a6c6f0b2386a h1:TvPAtCaZVcITDBhORQOBc2BG2JyssKDIxadwPQV5c/E= +istio.io/istio v0.0.0-20260202143537-a6c6f0b2386a/go.mod h1:s7QytkVMNlO/Lc9cY3zZdhsJ5znUnGxj08IOZTgU0Vk= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 92d4d8014..a2d1874ed 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.eed996de - - name: v1.30-alpha.eed996de - version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + ref: v1.30-alpha.a6c6f0b2 + - name: v1.30-alpha.a6c6f0b2 + version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f repo: https://github.com/istio/istio branch: master - commit: eed996de8e84d7a3cd62417214e27b38300efdfa + commit: a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa/helm/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz diff --git a/resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag new file mode 100644 index 000000000..925a64438 --- /dev/null +++ b/resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag @@ -0,0 +1 @@ +4d86e506dbe10bd7652726c312e7d5c0 diff --git a/resources/v1.30-alpha.eed996de/charts/base/Chart.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.eed996de/charts/base/Chart.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/Chart.yaml index c806dfcc2..91b03873d 100644 --- a/resources/v1.30-alpha.eed996de/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f diff --git a/resources/v1.30-alpha.eed996de/charts/base/README.md b/resources/v1.30-alpha.a6c6f0b2/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/README.md rename to resources/v1.30-alpha.a6c6f0b2/charts/base/README.md diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.a6c6f0b2/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/base/values.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/base/values.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/base/values.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/Chart.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.eed996de/charts/cni/Chart.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/Chart.yaml index 498c0deed..a993f92f5 100644 --- a/resources/v1.30-alpha.eed996de/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f diff --git a/resources/v1.30-alpha.eed996de/charts/cni/README.md b/resources/v1.30-alpha.a6c6f0b2/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/README.md rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/README.md diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/cni/values.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.eed996de/charts/cni/values.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/cni/values.yaml index 0418d27df..d62a8c84b 100644 --- a/resources/v1.30-alpha.eed996de/charts/cni/values.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/Chart.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.eed996de/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/Chart.yaml index 3cda0ae2b..816e51c55 100644 --- a/resources/v1.30-alpha.eed996de/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/README.md b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/README.md rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/README.md diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/values.schema.json b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/values.schema.json rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.eed996de/charts/gateway/values.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/gateway/values.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/Chart.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.eed996de/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/Chart.yaml index 987616d2b..61925696a 100644 --- a/resources/v1.30-alpha.eed996de/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/README.md b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/README.md rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/README.md diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/istiod/values.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.eed996de/charts/istiod/values.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/istiod/values.yaml index ea8554c0e..4e0a91817 100644 --- a/resources/v1.30-alpha.eed996de/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/Chart.yaml index fe17f1925..b7d8e4f39 100644 --- a/resources/v1.30-alpha.eed996de/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/revisiontags/values.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.eed996de/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/values.yaml index ea8554c0e..4e0a91817 100644 --- a/resources/v1.30-alpha.eed996de/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/Chart.yaml index b9567a473..39ea01676 100644 --- a/resources/v1.30-alpha.eed996de/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa +version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/README.md b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/README.md rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.eed996de/charts/ztunnel/values.yaml b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.eed996de/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/values.yaml index 5cf5c7374..fefb29eed 100644 --- a/resources/v1.30-alpha.eed996de/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa + tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag new file mode 100644 index 000000000..5e44e0816 --- /dev/null +++ b/resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag @@ -0,0 +1 @@ +871c63e6fc2ffbee329396b4750bf562 diff --git a/resources/v1.30-alpha.a6c6f0b2/commit b/resources/v1.30-alpha.a6c6f0b2/commit new file mode 100644 index 000000000..b932e2604 --- /dev/null +++ b/resources/v1.30-alpha.a6c6f0b2/commit @@ -0,0 +1 @@ +a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f diff --git a/resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag new file mode 100644 index 000000000..145c1ed5d --- /dev/null +++ b/resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag @@ -0,0 +1 @@ +339bbbc2e6fb7d7245a8ccb2990e1035 diff --git a/resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag new file mode 100644 index 000000000..53b7e8de5 --- /dev/null +++ b/resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag @@ -0,0 +1 @@ +d1ac716a9a42329a88dca5601564a04b diff --git a/resources/v1.30-alpha.eed996de/profiles/ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/default.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/default.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/default.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/demo.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/demo.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/demo.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/empty.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/empty.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/empty.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/openshift.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/openshift.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/preview.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/preview.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/preview.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/remote.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/remote.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/remote.yaml diff --git a/resources/v1.30-alpha.eed996de/profiles/stable.yaml b/resources/v1.30-alpha.a6c6f0b2/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.eed996de/profiles/stable.yaml rename to resources/v1.30-alpha.a6c6f0b2/profiles/stable.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag new file mode 100644 index 000000000..fbf9c850a --- /dev/null +++ b/resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag @@ -0,0 +1 @@ +324050adc72bb5cb55bb7df4a620c1d5 diff --git a/resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag deleted file mode 100644 index 7bfd4d02a..000000000 --- a/resources/v1.30-alpha.eed996de/base-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -7ae9b116e8b1cf2d3358f366fab5dd68 diff --git a/resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag deleted file mode 100644 index df12ec54b..000000000 --- a/resources/v1.30-alpha.eed996de/cni-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ca0cfb7ffae6d6a8df92a8e8c1e7cf70 diff --git a/resources/v1.30-alpha.eed996de/commit b/resources/v1.30-alpha.eed996de/commit deleted file mode 100644 index e468c5b55..000000000 --- a/resources/v1.30-alpha.eed996de/commit +++ /dev/null @@ -1 +0,0 @@ -eed996de8e84d7a3cd62417214e27b38300efdfa diff --git a/resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag deleted file mode 100644 index b88c2d8ad..000000000 --- a/resources/v1.30-alpha.eed996de/gateway-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4a8446f2be970e0ea6c010ff69a2f536 diff --git a/resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag deleted file mode 100644 index e7846d754..000000000 --- a/resources/v1.30-alpha.eed996de/istiod-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -dcfcbefd7a8a17dcfccafbf896b8ce85 diff --git a/resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag b/resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag deleted file mode 100644 index 03e297a7e..000000000 --- a/resources/v1.30-alpha.eed996de/ztunnel-1.30-alpha.eed996de8e84d7a3cd62417214e27b38300efdfa.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -5403316be000ea5da1b2ebcdee20db6c From 02722bd1177202d6b54cf8c3bdd2cec38d3891bf Mon Sep 17 00:00:00 2001 From: Filip Brychta Date: Tue, 3 Feb 2026 10:54:45 +0100 Subject: [PATCH 23/40] Adding documentation for zero downtime ztunnel upgrade (#1552) * Adding documentation for zero downtime ztunnel upgrade Adding two options for ztunnel upgrade Signed-off-by: Filip Brychta * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Review changes Signed-off-by: Filip Brychta * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam * Update docs/update-strategy/update-strategy.adoc Co-authored-by: Sridhar Gaddam --------- Signed-off-by: Filip Brychta Co-authored-by: Sridhar Gaddam --- docs/README.adoc | 2 +- docs/update-strategy/update-strategy.adoc | 74 +++++++++++++++++++++-- 2 files changed, 69 insertions(+), 7 deletions(-) diff --git a/docs/README.adoc b/docs/README.adoc index 6e459da23..c54da09ce 100644 --- a/docs/README.adoc +++ b/docs/README.adoc @@ -7,7 +7,7 @@ link:../[Return to Project Root] -*Note*: To add new topics to this documentation, please follow the guidelines in the link:../../docs/guidelines/guidelines.adoc[guidelines] doc. +*Note*: To add new topics to this documentation, please follow the guidelines in the link:guidelines/guidelines.adoc[guidelines] doc. == Table of Contents diff --git a/docs/update-strategy/update-strategy.adoc b/docs/update-strategy/update-strategy.adoc index ad5a879de..bce866b3d 100644 --- a/docs/update-strategy/update-strategy.adoc +++ b/docs/update-strategy/update-strategy.adoc @@ -179,7 +179,7 @@ InPlace updates restart control plane pods, which may cause brief service disrup [[inplace-ambient-mode-considerations]] === InPlace Strategy for Ambient Mode -With InPlace updates in ambient mode, all components update directly. In ambient mode, the ztunnel maintains xDS connections to istiod, not application workloads directly. IstioCNI and ZTunnel use rolling updates. Brief traffic interruption may occur during control plane updates. Running multiple istiod replicas helps minimize this risk but doesn't eliminate it. For details, see the https://istio.io/latest/docs/ambient/upgrade/helm/#understanding-ambient-mode-upgrades[Istio ambient mode upgrade documentation]. +With InPlace updates in ambient mode, all components update directly. Update sequence is described below. In contrast to sidecar mode, ambient mode supports moving application pods to an upgraded ztunnel proxy without a mandatory restart or reschedule of running application pods. However, upgrading ztunnel could cause all long-lived TCP connections on the upgraded node to reset. See <> for instruction how to avoid this problem. Recommendation to configure istiod with high availability (HA) applies for ambient mode as well. **Update sequence for ambient mode:** @@ -189,8 +189,6 @@ With InPlace updates in ambient mode, all components update directly. In ambient See <> for detailed IstioCNI and ZTunnel update procedures. -*Tip:* Running istiod in HA mode reduces traffic disruptions during updates. See the link:../../docs/general/istiod-ha.adoc[HA guide]. - [[revisionbased]] == RevisionBased With RevisionBased, a new control plane instance is created for each version change. The old control plane stays until workloads migrate to the new version. The migration is triggered by updating namespace labels and restarting pods. The old control plane is deleted after the grace period in `spec.updateStrategy.inactiveRevisionDeletionGracePeriodSeconds`. @@ -722,10 +720,74 @@ For detailed waypoint configuration, see link:../common/istio-ambient-waypoint.a **ZTunnel DaemonSet Updates:** -When upgrading the ambient cluster, new mTLS connections continue to function normally. However, upgrading ztunnel will cause existing long-lived TCP connections on the upgraded node to reset after a grace period. For production upgrades, use node cordoning or blue/green node pools. +Ztunnel operates at Layer 4 of the OSI model, proxying TCP traffic, and does not have application-layer visibility. Because of this, it cannot transfer connection state to another process. This has significant implications for the long-lived TCP connections on the upgraded node. The ztunnel runs as a DaemonSet — a per-node proxy — meaning that ztunnel upgrades affect, at minimum, an entire node at a time. + +**ZTunnel LifeCycle** + +By default ztunnel DaemonSet is using RollingUpdate update strategy and during every restart will go through following phases (node by node): + +. New ztunnel pod starts on a node (while old one is still running) +. New ztunnel establishes listeners in each pod running on the node, and marks itself "ready". +. At this point, we have both ztunnels running. New connections may be handled by either instance, for a very brief period of time as ztunnel uses SO_REUSEPORT. +. Shortly after, Kubernetes will start terminating the old ztunnel. It does this initially by sending a SIGTERM. Old ztunnel will catch this, and start "draining". +. Immediately upon starting a drain, the old ztunnel will close its listeners. Now only the new ztunnel is listening. Critically, at all times there will be at least one ztunnel available to accept new connections. +. While old ztunnel will not accept new connections, it will continue processing existing connections. +. After the drain period, the old ztunnel will forcefully terminate any outstanding connections. + +The drain period is configured by https://github.com/istio/istio/blob/master/manifests/charts/ztunnel/values.yaml#L96C3-L96C32[terminationGracePeriodSeconds]. Every connection still open after the drain period will be forcefully terminated. + +**Upgrade using high terminationGracePeriodSeconds** + +The simplest option to avoid dropping connections is to configure high enough terminationGracePeriodSeconds so all application connections can naturally and gracefully terminate. This however requires good knowledge of applications running in the mesh. Also with high terminationGracePeriodSeconds it will take a long time to finish the upgrade as only one node is being processed at the time. Therefore a wise balance is necessary. + +Default terminationGracePeriodSeconds value can be changed via: +[source,yaml,subs="attributes+"] +---- +apiVersion: sailoperator.io/v1 +kind: ZTunnel +metadata: + name: default +spec: + version: {istio_latest_version} + namespace: ztunnel + values: + ztunnel: + terminationGracePeriodSeconds: 300 # 5 minutes - adjust based on workload +---- + + +**A safe upgrade using node draining** + +As it's not possible to pass TCP connection to another process, only reliable option to force an application to reconnect through a new ztunnel is by graceful restart of the application. This can be done manually by restarting selected applications or all at once by node draining. Applications would have to be restarted at the correct time when the new ztunnel is started and the old ztunnel is in the draining phase. This would be difficult to achieve. + +[NOTE] +Applications with retry logic or short keepalive timeouts will naturally recover better than ones with very long idle TCP connections. + +For better control over the upgrade process it is possible to use https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy[OnDelete update strategy] which can be set via: + +[source,yaml,subs="attributes+"] +---- +apiVersion: sailoperator.io/v1 +kind: ZTunnel +metadata: + name: default +spec: + version: {istio_latest_version} + namespace: ztunnel + values: + ztunnel: + updateStrategy: + type: OnDelete +---- + +With this update strategy, following workflow will avoid forceful termination of long-lived connections: + +. Update ZTunnel version +. Drain a node: This forces all applications to move to other nodes, closing their long-lived connections gracefully (per their own terminationGracePeriodSeconds). +. Delete old ztunnel pod and wait for new one to be started: Since the node is empty, deleting the old ztunnel and starting the new one carries zero risk to traffic. +. Mark the node as schedulable: This allows applications to schedule back onto the node and they will now automatically use the new ztunnel. +. repeat steps 2 -- 4 for all nodes -* Rolling updates update one node at a time by default -* New connections may experience brief latency while a node's ZTunnel restarts **Version Skew:** From 4711092fd116834c7ca2e3df95abc43db6643981 Mon Sep 17 00:00:00 2001 From: Aslak Knutsen Date: Tue, 3 Feb 2026 14:39:47 +0100 Subject: [PATCH 24/40] Migrate to fs.FS as the sole resource loading interface (#1561) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * refactor(helm)!: migrate to fs.FS as the sole resource loading interface Replace string-based ResourceDirectory with fs.FS throughout the codebase to provide a unified abstraction for loading Helm charts and profiles. Changes: - ReconcilerConfig.ResourceDirectory string → ResourceFS fs.FS - cmd/main.go wraps flag value with os.DirFS() at startup - All controllers use ResourceFS directly (no path construction with ResourceDirectory) - UpgradeOrInstallChart now takes (fs.FS, chartPath) instead of chartDir - Renamed getChartDir() → getChartPath() (returns relative path) - Added pkg/helm/fsloader.go with LoadChart() for loading charts from fs.FS This enables consumers to use embed.FS for bundled resources or os.DirFS for filesystem-based resources through a single consistent interface. BREAKING CHANGE: ReconcilerConfig.ResourceDirectory replaced with ResourceFS fs.FS. ChartManager.UpgradeOrInstallChart signature changed to accept fs.FS. Signed-off-by: Aslak Knutsen * feat(resources): add embedded fs.FS for library consumers Provide an embed.FS in the resources package so downstream consumers can bundle Helm charts and profiles directly in their binary instead of relying on filesystem paths. The Sail Operator itself does not import this package, keeping its binary size unchanged. This is intended for library consumers who want self-contained binaries with embedded resources. Usage: import "github.com/istio-ecosystem/sail-operator/resources" cfg := config.ReconcilerConfig{ResourceFS: resources.FS} Signed-off-by: Aslak Knutsen * feat(resources): use embedded resources by default Add embedded fs.FS from the resources package and use it as the default resource source. The operator now embeds all Helm charts and profiles directly in the binary, eliminating the need for external resource files. Changes: - Change --resource-directory default from /var/lib/sail-operator/resources to "" - When --resource-directory is empty (default), use embedded resources.FS - When --resource-directory is specified, use os.DirFS for filesystem access - Removed --resource-directory from Makefile - Removed --resource-directory from Dockerfile This increases binary size by ~10MB but simplifies deployment by removing the dependency on external resource files mounted into the container. Signed-off-by: Aslak Knutsen --------- Signed-off-by: Aslak Knutsen --- Dockerfile | 1 - Makefile.core.mk | 2 +- cmd/main.go | 11 ++- controllers/istio/istio_controller.go | 2 +- controllers/istio/istio_controller_test.go | 3 +- controllers/istiocni/istiocni_controller.go | 9 +- .../istiocni/istiocni_controller_test.go | 3 +- .../istiorevision/istiorevision_controller.go | 8 +- .../istiorevision_controller_test.go | 3 +- .../istiorevisiontag_controller.go | 8 +- .../istiorevisiontag_controller_test.go | 3 +- .../webhook/webhook_controller_test.go | 3 +- controllers/ztunnel/ztunnel_controller.go | 9 +- .../ztunnel/ztunnel_controller_test.go | 7 +- pkg/config/config.go | 3 +- pkg/helm/chartmanager.go | 26 ++++-- pkg/helm/chartmanager_test.go | 44 +++++----- pkg/helm/fsloader.go | 74 +++++++++++++++++ pkg/helm/fsloader_test.go | 83 +++++++++++++++++++ pkg/istiovalues/profiles.go | 26 ++++-- pkg/istiovalues/profiles_test.go | 2 +- pkg/revision/dependency.go | 8 +- pkg/revision/dependency_test.go | 3 +- pkg/revision/values.go | 7 +- pkg/revision/values_test.go | 4 +- resources/resources.go | 69 +++++++++++++++ tests/integration/api/suite_test.go | 3 +- 27 files changed, 346 insertions(+), 78 deletions(-) create mode 100644 pkg/helm/fsloader.go create mode 100644 pkg/helm/fsloader_test.go create mode 100644 resources/resources.go diff --git a/Dockerfile b/Dockerfile index d7fde71f8..af59dd086 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,6 @@ ARG TARGETOS TARGETARCH COPY --from=packager /output / ADD out/${TARGETOS:-linux}_${TARGETARCH:-amd64}/sail-operator /sail-operator -ADD resources /var/lib/sail-operator/resources USER 65532:65532 WORKDIR / diff --git a/Makefile.core.mk b/Makefile.core.mk index e0507f79a..123bb6ea5 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -251,7 +251,7 @@ build: build-$(TARGET_ARCH) ## Build the sail-operator binary. .PHONY: run run: gen ## Run a controller from your host. - POD_NAMESPACE=${NAMESPACE} go run ./cmd/main.go --config-file=./hack/config.properties --resource-directory=./resources + POD_NAMESPACE=${NAMESPACE} go run ./cmd/main.go --config-file=./hack/config.properties # docker build -t ${IMAGE} --build-arg GIT_TAG=${GIT_TAG} --build-arg GIT_REVISION=${GIT_REVISION} --build-arg GIT_STATUS=${GIT_STATUS} . .PHONY: docker-build diff --git a/cmd/main.go b/cmd/main.go index 55c3da4c5..3514b19c3 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -32,6 +32,7 @@ import ( "github.com/istio-ecosystem/sail-operator/pkg/helm" "github.com/istio-ecosystem/sail-operator/pkg/scheme" "github.com/istio-ecosystem/sail-operator/pkg/version" + "github.com/istio-ecosystem/sail-operator/resources" _ "k8s.io/client-go/plugin/pkg/client/auth" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" @@ -47,6 +48,7 @@ func main() { var metricsAddr string var probeAddr string var configFile string + var resourceDirectory string var logAPIRequests bool var printVersion bool var leaderElectionEnabled bool @@ -55,7 +57,7 @@ func main() { flag.StringVar(&metricsAddr, "metrics-bind-address", ":8443", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.StringVar(&configFile, "config-file", "/etc/sail-operator/config.properties", "Location of the config file, propagated by k8s downward APIs") - flag.StringVar(&reconcilerCfg.ResourceDirectory, "resource-directory", "/var/lib/sail-operator/resources", "Where to find resources (e.g. charts)") + flag.StringVar(&resourceDirectory, "resource-directory", "", "Where to find resources (e.g. charts). If empty, uses embedded resources.") flag.IntVar(&reconcilerCfg.MaxConcurrentReconciles, "max-concurrent-reconciles", 1, "MaxConcurrentReconciles is the maximum number of concurrent Reconciles which can be run.") flag.BoolVar(&logAPIRequests, "log-api-requests", false, "Whether to log each request sent to the Kubernetes API server") @@ -78,6 +80,13 @@ func main() { ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + if resourceDirectory != "" { + setupLog.Info("using filesystem resources", "directory", resourceDirectory) + reconcilerCfg.ResourceFS = os.DirFS(resourceDirectory) + } else { + setupLog.Info("using embedded resources") + reconcilerCfg.ResourceFS = resources.FS + } reconcilerCfg.OperatorNamespace = os.Getenv("POD_NAMESPACE") if reconcilerCfg.OperatorNamespace == "" { contents, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace") diff --git a/controllers/istio/istio_controller.go b/controllers/istio/istio_controller.go index 04ed53879..1e19d63f7 100644 --- a/controllers/istio/istio_controller.go +++ b/controllers/istio/istio_controller.go @@ -128,7 +128,7 @@ func (r *Reconciler) reconcileActiveRevision(ctx context.Context, istio *v1.Isti values, err := revision.ComputeValues( istio.Spec.Values, istio.Spec.Namespace, version, r.Config.Platform, r.Config.DefaultProfile, istio.Spec.Profile, - r.Config.ResourceDirectory, getActiveRevisionName(istio)) + r.Config.ResourceFS, getActiveRevisionName(istio)) if err != nil { return err } diff --git a/controllers/istio/istio_controller_test.go b/controllers/istio/istio_controller_test.go index b00cbaaff..766e678da 100644 --- a/controllers/istio/istio_controller_test.go +++ b/controllers/istio/istio_controller_test.go @@ -17,6 +17,7 @@ package istio import ( "context" "fmt" + "os" "runtime/debug" "strings" "testing" @@ -1091,7 +1092,7 @@ func noWrites(t *testing.T) interceptor.Funcs { func newReconcilerTestConfig(t *testing.T) config.ReconcilerConfig { return config.ReconcilerConfig{ - ResourceDirectory: t.TempDir(), + ResourceFS: os.DirFS(t.TempDir()), Platform: config.PlatformKubernetes, DefaultProfile: "", MaxConcurrentReconciles: 1, diff --git a/controllers/istiocni/istiocni_controller.go b/controllers/istiocni/istiocni_controller.go index 4a5b6e38e..db9aaef78 100644 --- a/controllers/istiocni/istiocni_controller.go +++ b/controllers/istiocni/istiocni_controller.go @@ -162,20 +162,21 @@ func (r *Reconciler) installHelmChart(ctx context.Context, cni *v1.IstioCNI) err // apply userValues on top of defaultValues from profiles mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform( - r.Config.ResourceDirectory, version, r.Config.Platform, r.Config.DefaultProfile, cni.Spec.Profile, helm.FromValues(userValues)) + r.Config.ResourceFS, version, r.Config.Platform, r.Config.DefaultProfile, cni.Spec.Profile, helm.FromValues(userValues)) if err != nil { return fmt.Errorf("failed to apply profile: %w", err) } - _, err = r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(version), mergedHelmValues, cni.Spec.Namespace, cniReleaseName, &ownerReference) + _, err = r.ChartManager.UpgradeOrInstallChart( + ctx, r.Config.ResourceFS, r.getChartPath(version), mergedHelmValues, cni.Spec.Namespace, cniReleaseName, &ownerReference) if err != nil { return fmt.Errorf("failed to install/update Helm chart %q: %w", cniChartName, err) } return nil } -func (r *Reconciler) getChartDir(version string) string { - return path.Join(r.Config.ResourceDirectory, version, "charts", cniChartName) +func (r *Reconciler) getChartPath(version string) string { + return path.Join(version, "charts", cniChartName) } func applyImageDigests(version string, values *v1.CNIValues, config config.OperatorConfig) *v1.CNIValues { diff --git a/controllers/istiocni/istiocni_controller_test.go b/controllers/istiocni/istiocni_controller_test.go index 97920c647..ee851d424 100644 --- a/controllers/istiocni/istiocni_controller_test.go +++ b/controllers/istiocni/istiocni_controller_test.go @@ -17,6 +17,7 @@ package istiocni import ( "context" "fmt" + "os" "testing" "github.com/google/go-cmp/cmp" @@ -705,7 +706,7 @@ func normalize(condition v1.IstioCNICondition) v1.IstioCNICondition { func newReconcilerTestConfig(t *testing.T) config.ReconcilerConfig { return config.ReconcilerConfig{ - ResourceDirectory: t.TempDir(), + ResourceFS: os.DirFS(t.TempDir()), Platform: config.PlatformKubernetes, DefaultProfile: "", MaxConcurrentReconciles: 1, diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go index d98b865e4..c1f786e54 100644 --- a/controllers/istiorevision/istiorevision_controller.go +++ b/controllers/istiorevision/istiorevision_controller.go @@ -176,13 +176,13 @@ func (r *Reconciler) installHelmCharts(ctx context.Context, rev *v1.IstioRevisio } values := helm.FromValues(rev.Spec.Values) - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev, constants.IstiodChartName), + _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.Config.ResourceFS, r.getChartPath(rev, constants.IstiodChartName), values, rev.Spec.Namespace, getReleaseName(rev, constants.IstiodChartName), &ownerReference) if err != nil { return fmt.Errorf("failed to install/update Helm chart %q: %w", constants.IstiodChartName, err) } if rev.Name == v1.DefaultRevision { - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev, constants.BaseChartName), + _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.Config.ResourceFS, r.getChartPath(rev, constants.BaseChartName), values, r.Config.OperatorNamespace, getReleaseName(rev, constants.BaseChartName), &ownerReference) if err != nil { return fmt.Errorf("failed to install/update Helm chart %q: %w", constants.BaseChartName, err) @@ -195,8 +195,8 @@ func getReleaseName(rev *v1.IstioRevision, chartName string) string { return fmt.Sprintf("%s-%s", rev.Name, chartName) } -func (r *Reconciler) getChartDir(rev *v1.IstioRevision, chartName string) string { - return path.Join(r.Config.ResourceDirectory, rev.Spec.Version, "charts", chartName) +func (r *Reconciler) getChartPath(rev *v1.IstioRevision, chartName string) string { + return path.Join(rev.Spec.Version, "charts", chartName) } func (r *Reconciler) uninstallHelmCharts(ctx context.Context, rev *v1.IstioRevision) error { diff --git a/controllers/istiorevision/istiorevision_controller_test.go b/controllers/istiorevision/istiorevision_controller_test.go index b39882e00..598f6c4e0 100644 --- a/controllers/istiorevision/istiorevision_controller_test.go +++ b/controllers/istiorevision/istiorevision_controller_test.go @@ -17,6 +17,7 @@ package istiorevision import ( "context" "fmt" + "os" "strings" "testing" @@ -1053,7 +1054,7 @@ func TestIgnoreStatusChangePredicate(t *testing.T) { func newReconcilerTestConfig(t *testing.T) config.ReconcilerConfig { return config.ReconcilerConfig{ - ResourceDirectory: t.TempDir(), + ResourceFS: os.DirFS(t.TempDir()), Platform: config.PlatformKubernetes, DefaultProfile: "", MaxConcurrentReconciles: 1, diff --git a/controllers/istiorevisiontag/istiorevisiontag_controller.go b/controllers/istiorevisiontag/istiorevisiontag_controller.go index 7bf027c24..b03b70e30 100644 --- a/controllers/istiorevisiontag/istiorevisiontag_controller.go +++ b/controllers/istiorevisiontag/istiorevisiontag_controller.go @@ -198,13 +198,13 @@ func (r *Reconciler) installHelmCharts(ctx context.Context, tag *v1.IstioRevisio return err } - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev, revisionTagsChartName), + _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.Config.ResourceFS, r.getChartPath(rev, revisionTagsChartName), values, rev.Spec.Namespace, getReleaseName(tag, revisionTagsChartName), &ownerReference) if err != nil { return fmt.Errorf("failed to install/update Helm chart %q: %w", revisionTagsChartName, err) } if tag.Name == v1.DefaultRevision { - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(rev, constants.BaseChartName), + _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.Config.ResourceFS, r.getChartPath(rev, constants.BaseChartName), values, r.Config.OperatorNamespace, getReleaseName(tag, constants.BaseChartName), &ownerReference) if err != nil { return fmt.Errorf("failed to install/update Helm chart %q: %w", constants.BaseChartName, err) @@ -217,8 +217,8 @@ func getReleaseName(tag *v1.IstioRevisionTag, chartName string) string { return fmt.Sprintf("%s-%s", tag.Name, chartName) } -func (r *Reconciler) getChartDir(tag *v1.IstioRevision, chartName string) string { - return path.Join(r.Config.ResourceDirectory, tag.Spec.Version, "charts", chartName) +func (r *Reconciler) getChartPath(rev *v1.IstioRevision, chartName string) string { + return path.Join(rev.Spec.Version, "charts", chartName) } func (r *Reconciler) uninstallHelmCharts(ctx context.Context, tag *v1.IstioRevisionTag) error { diff --git a/controllers/istiorevisiontag/istiorevisiontag_controller_test.go b/controllers/istiorevisiontag/istiorevisiontag_controller_test.go index 90c288901..88026c713 100644 --- a/controllers/istiorevisiontag/istiorevisiontag_controller_test.go +++ b/controllers/istiorevisiontag/istiorevisiontag_controller_test.go @@ -17,6 +17,7 @@ package istiorevisiontag import ( "context" "fmt" + "os" "strings" "testing" @@ -277,7 +278,7 @@ func TestDetermineInUseCondition(t *testing.T) { func newReconcilerTestConfig(t *testing.T) config.ReconcilerConfig { return config.ReconcilerConfig{ - ResourceDirectory: t.TempDir(), + ResourceFS: os.DirFS(t.TempDir()), Platform: config.PlatformKubernetes, DefaultProfile: "", MaxConcurrentReconciles: 1, diff --git a/controllers/webhook/webhook_controller_test.go b/controllers/webhook/webhook_controller_test.go index 966a1033a..206f250e5 100644 --- a/controllers/webhook/webhook_controller_test.go +++ b/controllers/webhook/webhook_controller_test.go @@ -29,6 +29,7 @@ import ( "net" "net/http" "net/http/httptest" + "os" "testing" "time" @@ -615,7 +616,7 @@ func generateSelfSignedCert(dnsNames ...string) (certPEM []byte, keyPEM []byte, func newReconcilerTestConfig(t *testing.T) config.ReconcilerConfig { return config.ReconcilerConfig{ - ResourceDirectory: t.TempDir(), + ResourceFS: os.DirFS(t.TempDir()), Platform: config.PlatformKubernetes, DefaultProfile: "", MaxConcurrentReconciles: 1, diff --git a/controllers/ztunnel/ztunnel_controller.go b/controllers/ztunnel/ztunnel_controller.go index 284ad4b07..710802982 100644 --- a/controllers/ztunnel/ztunnel_controller.go +++ b/controllers/ztunnel/ztunnel_controller.go @@ -152,7 +152,7 @@ func (r *Reconciler) installHelmChart(ctx context.Context, ztunnel *v1.ZTunnel) // apply userValues on top of defaultValues from profiles mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform( - r.Config.ResourceDirectory, version, r.Config.Platform, r.Config.DefaultProfile, defaultProfile, helm.FromValues(userValues)) + r.Config.ResourceFS, version, r.Config.Platform, r.Config.DefaultProfile, defaultProfile, helm.FromValues(userValues)) if err != nil { return fmt.Errorf("failed to apply profile: %w", err) } @@ -166,15 +166,16 @@ func (r *Reconciler) installHelmChart(ctx context.Context, ztunnel *v1.ZTunnel) return fmt.Errorf("failed to apply user overrides: %w", err) } - _, err = r.ChartManager.UpgradeOrInstallChart(ctx, r.getChartDir(version), finalHelmValues, ztunnel.Spec.Namespace, ztunnelChart, &ownerReference) + _, err = r.ChartManager.UpgradeOrInstallChart( + ctx, r.Config.ResourceFS, r.getChartPath(version), finalHelmValues, ztunnel.Spec.Namespace, ztunnelChart, &ownerReference) if err != nil { return fmt.Errorf("failed to install/update Helm chart %q: %w", ztunnelChart, err) } return nil } -func (r *Reconciler) getChartDir(version string) string { - return path.Join(r.Config.ResourceDirectory, version, "charts", ztunnelChart) +func (r *Reconciler) getChartPath(version string) string { + return path.Join(version, "charts", ztunnelChart) } func applyImageDigests(version string, values *v1.ZTunnelValues, config config.OperatorConfig) *v1.ZTunnelValues { diff --git a/controllers/ztunnel/ztunnel_controller_test.go b/controllers/ztunnel/ztunnel_controller_test.go index 8a519e05a..df879ac68 100644 --- a/controllers/ztunnel/ztunnel_controller_test.go +++ b/controllers/ztunnel/ztunnel_controller_test.go @@ -17,6 +17,7 @@ package ztunnel import ( "context" "fmt" + "os" "testing" "time" @@ -581,8 +582,8 @@ func normalize(condition v1.ZTunnelCondition) v1.ZTunnelCondition { func newReconcilerTestConfig(t *testing.T) config.ReconcilerConfig { return config.ReconcilerConfig{ - ResourceDirectory: t.TempDir(), - Platform: config.PlatformKubernetes, - DefaultProfile: "", + ResourceFS: os.DirFS(t.TempDir()), + Platform: config.PlatformKubernetes, + DefaultProfile: "", } } diff --git a/pkg/config/config.go b/pkg/config/config.go index 64bbe85d4..9c402b63c 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -15,6 +15,7 @@ package config import ( + "io/fs" "strings" "github.com/magiconair/properties" @@ -34,7 +35,7 @@ type IstioImageConfig struct { } type ReconcilerConfig struct { - ResourceDirectory string + ResourceFS fs.FS Platform Platform DefaultProfile string OperatorNamespace string diff --git a/pkg/helm/chartmanager.go b/pkg/helm/chartmanager.go index caf05d44a..703e310db 100644 --- a/pkg/helm/chartmanager.go +++ b/pkg/helm/chartmanager.go @@ -18,9 +18,10 @@ import ( "context" "errors" "fmt" + "io/fs" "helm.sh/helm/v3/pkg/action" - chartLoader "helm.sh/helm/v3/pkg/chart/loader" + "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/release" "helm.sh/helm/v3/pkg/storage/driver" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -60,19 +61,28 @@ func (h *ChartManager) newActionConfig(ctx context.Context, namespace string) (* return actionConfig, err } -// UpgradeOrInstallChart upgrades a chart in cluster or installs it new if it does not already exist +// UpgradeOrInstallChart upgrades a chart in cluster or installs it new if it does not already exist. +// It loads the chart from an fs.FS (e.g., embed.FS or os.DirFS). func (h *ChartManager) UpgradeOrInstallChart( - ctx context.Context, chartDir string, values Values, + ctx context.Context, resourceFS fs.FS, chartPath string, values Values, namespace, releaseName string, ownerReference *metav1.OwnerReference, ) (*release.Release, error) { - log := logf.FromContext(ctx) - - cfg, err := h.newActionConfig(ctx, namespace) + loadedChart, err := LoadChart(resourceFS, chartPath) if err != nil { - return nil, err + return nil, fmt.Errorf("failed to load chart from fs: %w", err) } - chart, err := chartLoader.Load(chartDir) + return h.upgradeOrInstallChart(ctx, loadedChart, values, namespace, releaseName, ownerReference) +} + +// upgradeOrInstallChart is the internal implementation that works with an already-loaded chart +func (h *ChartManager) upgradeOrInstallChart( + ctx context.Context, chart *chart.Chart, values Values, + namespace, releaseName string, ownerReference *metav1.OwnerReference, +) (*release.Release, error) { + log := logf.FromContext(ctx) + + cfg, err := h.newActionConfig(ctx, namespace) if err != nil { return nil, err } diff --git a/pkg/helm/chartmanager_test.go b/pkg/helm/chartmanager_test.go index 7db37d180..e93dbd2cf 100644 --- a/pkg/helm/chartmanager_test.go +++ b/pkg/helm/chartmanager_test.go @@ -17,7 +17,6 @@ package helm import ( "context" "os" - "path/filepath" "testing" "github.com/istio-ecosystem/sail-operator/pkg/test" @@ -36,8 +35,9 @@ import ( var ctx = context.TODO() var ( - relName = "my-release" - chartDir = filepath.Join("testdata", "chart") + relName = "my-release" + chartFS = os.DirFS("testdata") + chartPath = "chart" owner = metav1.OwnerReference{ APIVersion: "v1", @@ -59,50 +59,50 @@ var ( { name: "release exists", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) }, }, { name: "release in failed state with previous revision", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) - upgrade(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) + upgrade(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusFailed) }, }, { name: "release in failed state with no previous revision", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusFailed) }, }, { name: "release in pending-install state", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusPendingInstall) }, }, { name: "release in pending-upgrade state", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) - upgrade(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) + upgrade(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusPendingUpgrade) }, }, { name: "release in uninstalling state", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusUninstalling) }, }, { name: "release in uninstalled state", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusUninstalled) }, wantErrOnInstall: true, @@ -111,7 +111,7 @@ var ( { name: "release in unknown state", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusUnknown) }, wantErrOnInstall: true, @@ -119,7 +119,7 @@ var ( { name: "release in superseded state", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusSuperseded) }, wantErrOnInstall: true, @@ -127,7 +127,7 @@ var ( { name: "release in pending-rollback state", setup: func(g *WithT, cl client.Client, helm *ChartManager, ns string) { - install(g, helm, chartDir, ns, relName, owner) + install(g, helm, ns, relName, owner) setReleaseStatus(g, helm, ns, relName, release.StatusPendingRollback) }, }, @@ -149,7 +149,7 @@ func TestUpgradeOrInstallChart(t *testing.T) { tc.setup(g, cl, helm, ns) } - rel, err := helm.UpgradeOrInstallChart(ctx, chartDir, Values{"value": "my-value"}, ns, relName, &owner) + rel, err := helm.UpgradeOrInstallChart(ctx, chartFS, chartPath, Values{"value": "my-value"}, ns, relName, &owner) if tc.wantErrOnInstall { g.Expect(err).To(HaveOccurred()) @@ -205,16 +205,16 @@ func createNamespace(cl client.Client, ns string) error { }) } -func install(g *WithT, helm *ChartManager, chartDir string, ns string, relName string, owner metav1.OwnerReference) { - upgradeOrInstall(g, helm, chartDir, ns, relName, owner) +func install(g *WithT, helm *ChartManager, ns string, relName string, owner metav1.OwnerReference) { + upgradeOrInstall(g, helm, ns, relName, owner) } -func upgrade(g *WithT, helm *ChartManager, chartDir string, ns string, relName string, owner metav1.OwnerReference) { - upgradeOrInstall(g, helm, chartDir, ns, relName, owner) +func upgrade(g *WithT, helm *ChartManager, ns string, relName string, owner metav1.OwnerReference) { + upgradeOrInstall(g, helm, ns, relName, owner) } -func upgradeOrInstall(g *WithT, helm *ChartManager, chartDir string, ns string, relName string, owner metav1.OwnerReference) { - _, err := helm.UpgradeOrInstallChart(ctx, chartDir, Values{"value": "other-value"}, ns, relName, &owner) +func upgradeOrInstall(g *WithT, helm *ChartManager, ns string, relName string, owner metav1.OwnerReference) { + _, err := helm.UpgradeOrInstallChart(ctx, chartFS, chartPath, Values{"value": "other-value"}, ns, relName, &owner) g.Expect(err).ToNot(HaveOccurred()) } diff --git a/pkg/helm/fsloader.go b/pkg/helm/fsloader.go new file mode 100644 index 000000000..af95c94bb --- /dev/null +++ b/pkg/helm/fsloader.go @@ -0,0 +1,74 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package helm + +import ( + "fmt" + "io/fs" + "strings" + + "helm.sh/helm/v3/pkg/chart" + chartLoader "helm.sh/helm/v3/pkg/chart/loader" +) + +// LoadChart loads a Helm chart from an fs.FS at the specified path. +// This allows loading charts from embed.FS, os.DirFS, or any other fs.FS implementation. +// +// The chartPath should be the path to the chart directory within the filesystem, +// e.g., "v1.28.2/charts/istiod". +func LoadChart(resourceFS fs.FS, chartPath string) (*chart.Chart, error) { + var files []*chartLoader.BufferedFile + + err := fs.WalkDir(resourceFS, chartPath, func(path string, d fs.DirEntry, err error) error { + if err != nil { + return err + } + + // Skip directories + if d.IsDir() { + return nil + } + + data, err := fs.ReadFile(resourceFS, path) + if err != nil { + return fmt.Errorf("failed to read file %s: %w", path, err) + } + + // Make path relative to chart root + // e.g., "v1.28.2/charts/istiod/Chart.yaml" -> "Chart.yaml" + relPath := strings.TrimPrefix(path, chartPath) + relPath = strings.TrimPrefix(relPath, "/") + + files = append(files, &chartLoader.BufferedFile{ + Name: relPath, + Data: data, + }) + return nil + }) + if err != nil { + return nil, fmt.Errorf("failed to walk chart directory %s: %w", chartPath, err) + } + + if len(files) == 0 { + return nil, fmt.Errorf("no files found in chart directory %s", chartPath) + } + + loadedChart, err := chartLoader.LoadFiles(files) + if err != nil { + return nil, fmt.Errorf("failed to load chart from files: %w", err) + } + + return loadedChart, nil +} diff --git a/pkg/helm/fsloader_test.go b/pkg/helm/fsloader_test.go new file mode 100644 index 000000000..35d55785e --- /dev/null +++ b/pkg/helm/fsloader_test.go @@ -0,0 +1,83 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package helm + +import ( + "os" + "testing" + "testing/fstest" +) + +func TestLoadChart(t *testing.T) { + testFS := os.DirFS("testdata") + + t.Run("loads chart successfully", func(t *testing.T) { + chart, err := LoadChart(testFS, "chart") + if err != nil { + t.Fatalf("expected no error, got: %v", err) + } + if chart == nil { + t.Fatal("expected chart to be non-nil") + } + if chart.Name() != "test-chart" { + t.Errorf("expected chart name 'test-chart', got: %s", chart.Name()) + } + if chart.Metadata.Version != "0.1.0" { + t.Errorf("expected chart version '0.1.0', got: %s", chart.Metadata.Version) + } + }) + + t.Run("returns error for non-existent path", func(t *testing.T) { + _, err := LoadChart(testFS, "nonexistent") + if err == nil { + t.Fatal("expected error for non-existent path") + } + }) + + t.Run("returns error for empty directory", func(t *testing.T) { + emptyFS := fstest.MapFS{ + "empty/.gitkeep": &fstest.MapFile{}, // directory marker, but we skip it + } + // Create a truly empty directory by having only a subdirectory + emptyDirFS := fstest.MapFS{ + "emptydir/subdir/.gitkeep": &fstest.MapFile{}, + } + _, err := LoadChart(emptyDirFS, "emptydir/subdir") + if err == nil { + t.Fatal("expected error for empty directory") + } + _ = emptyFS // silence unused variable + }) + + t.Run("loads chart from nested path", func(t *testing.T) { + // Create a mock filesystem with nested chart structure + nestedFS := fstest.MapFS{ + "v1.28.0/charts/istiod/Chart.yaml": &fstest.MapFile{ + Data: []byte("apiVersion: v2\nname: istiod\nversion: 1.28.0\n"), + }, + "v1.28.0/charts/istiod/values.yaml": &fstest.MapFile{ + Data: []byte("# default values\n"), + }, + } + + chart, err := LoadChart(nestedFS, "v1.28.0/charts/istiod") + if err != nil { + t.Fatalf("expected no error, got: %v", err) + } + if chart.Name() != "istiod" { + t.Errorf("expected chart name 'istiod', got: %s", chart.Name()) + } + }) +} diff --git a/pkg/istiovalues/profiles.go b/pkg/istiovalues/profiles.go index dc8a9d647..92dc11481 100644 --- a/pkg/istiovalues/profiles.go +++ b/pkg/istiovalues/profiles.go @@ -16,7 +16,7 @@ package istiovalues import ( "fmt" - "os" + "io/fs" "path" "github.com/istio-ecosystem/sail-operator/pkg/config" @@ -28,11 +28,14 @@ import ( "istio.io/istio/pkg/util/sets" ) +// ApplyProfilesAndPlatform loads profiles from an fs.FS and applies them with platform settings. +// Works with embed.FS, os.DirFS, or any other fs.FS implementation. func ApplyProfilesAndPlatform( - resourceDir string, version string, platform config.Platform, defaultProfile, userProfile string, userValues helm.Values, + resourceFS fs.FS, version string, platform config.Platform, defaultProfile, userProfile string, userValues helm.Values, ) (helm.Values, error) { profile := resolve(defaultProfile, userProfile) - defaultValues, err := getValuesFromProfiles(path.Join(resourceDir, version, "profiles"), profile) + profilesPath := path.Join(version, "profiles") + defaultValues, err := getValuesFromProfiles(resourceFS, profilesPath, profile) if err != nil { return nil, fmt.Errorf("failed to get values from profile %q: %w", profile, err) } @@ -63,7 +66,7 @@ func resolve(defaultProfile, userProfile string) []string { } } -func getValuesFromProfiles(profilesDir string, profiles []string) (helm.Values, error) { +func getValuesFromProfiles(resourceFS fs.FS, profilesDir string, profiles []string) (helm.Values, error) { // start with an empty values map values := helm.Values{} @@ -84,7 +87,7 @@ func getValuesFromProfiles(profilesDir string, profiles []string) (helm.Values, return nil, reconciler.NewValidationError(fmt.Sprintf("invalid profile name %s", profile)) } - profileValues, err := getProfileValues(file) + profileValues, err := getProfileValues(resourceFS, file) if err != nil { return nil, err } @@ -94,16 +97,21 @@ func getValuesFromProfiles(profilesDir string, profiles []string) (helm.Values, return values, nil } -func getProfileValues(file string) (helm.Values, error) { - fileContents, err := os.ReadFile(file) +func getProfileValues(resourceFS fs.FS, file string) (helm.Values, error) { + fileContents, err := fs.ReadFile(resourceFS, file) if err != nil { return nil, fmt.Errorf("failed to read profile file %v: %w", file, err) } + return parseProfileYAML(fileContents, file) +} + +// parseProfileYAML parses the profile YAML content and extracts spec.values +func parseProfileYAML(fileContents []byte, filename string) (helm.Values, error) { var profile map[string]any - err = yaml.Unmarshal(fileContents, &profile) + err := yaml.Unmarshal(fileContents, &profile) if err != nil { - return nil, fmt.Errorf("failed to unmarshal profile YAML %s: %w", file, err) + return nil, fmt.Errorf("failed to unmarshal profile YAML %s: %w", filename, err) } val, found, err := unstructured.NestedFieldNoCopy(profile, "spec", "values") diff --git a/pkg/istiovalues/profiles_test.go b/pkg/istiovalues/profiles_test.go index 426c019ee..3f98273b3 100644 --- a/pkg/istiovalues/profiles_test.go +++ b/pkg/istiovalues/profiles_test.go @@ -105,7 +105,7 @@ spec: for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - actual, err := getValuesFromProfiles(profilesDir, tt.profiles) + actual, err := getValuesFromProfiles(os.DirFS(resourceDir), path.Join(version, "profiles"), tt.profiles) if (err != nil) != tt.expectErr { t.Errorf("applyProfile() error = %v, expectErr %v", err, tt.expectErr) } diff --git a/pkg/revision/dependency.go b/pkg/revision/dependency.go index d03b14b3f..554faeabc 100644 --- a/pkg/revision/dependency.go +++ b/pkg/revision/dependency.go @@ -15,18 +15,20 @@ package revision import ( + "io/fs" + v1 "github.com/istio-ecosystem/sail-operator/api/v1" "github.com/istio-ecosystem/sail-operator/pkg/config" ) -type computeValuesFunc func(*v1.Values, string, string, config.Platform, string, string, string, string) (*v1.Values, error) +type computeValuesFunc func(*v1.Values, string, string, config.Platform, string, string, fs.FS, string) (*v1.Values, error) var defaultComputeValues computeValuesFunc = ComputeValues // DependsOnIstioCNI returns true if CNI is enabled in the revision func DependsOnIstioCNI(rev *v1.IstioRevision, cfg config.ReconcilerConfig) bool { values, err := defaultComputeValues(rev.Spec.Values, rev.Spec.Namespace, rev.Spec.Version, - cfg.Platform, cfg.DefaultProfile, "", cfg.ResourceDirectory, rev.Name) + cfg.Platform, cfg.DefaultProfile, "", cfg.ResourceFS, rev.Name) if err != nil || values == nil { return false } @@ -48,7 +50,7 @@ func DependsOnIstioCNI(rev *v1.IstioRevision, cfg config.ReconcilerConfig) bool // DependsOnZTunnel returns true if the revision is configured for ambient mode and requires ZTunnel func DependsOnZTunnel(rev *v1.IstioRevision, cfg config.ReconcilerConfig) bool { values, err := defaultComputeValues(rev.Spec.Values, rev.Spec.Namespace, rev.Spec.Version, - cfg.Platform, cfg.DefaultProfile, "", cfg.ResourceDirectory, rev.Name) + cfg.Platform, cfg.DefaultProfile, "", cfg.ResourceFS, rev.Name) if err != nil || values == nil { return false } diff --git a/pkg/revision/dependency_test.go b/pkg/revision/dependency_test.go index 5653cc91f..de31356fb 100644 --- a/pkg/revision/dependency_test.go +++ b/pkg/revision/dependency_test.go @@ -15,6 +15,7 @@ package revision import ( + "io/fs" "testing" v1 "github.com/istio-ecosystem/sail-operator/api/v1" @@ -26,7 +27,7 @@ import ( // mockComputeValues returns the input values without any computation // this simulates what ComputeValues would do but without requiring actual files -func mockComputeValues(values *v1.Values, _, _ string, platform config.Platform, defaultProfile, userProfile, _, _ string) (*v1.Values, error) { +func mockComputeValues(values *v1.Values, _, _ string, platform config.Platform, defaultProfile, userProfile string, _ fs.FS, _ string) (*v1.Values, error) { if values == nil { values = &v1.Values{} } diff --git a/pkg/revision/values.go b/pkg/revision/values.go index 759e84a59..805d13cee 100644 --- a/pkg/revision/values.go +++ b/pkg/revision/values.go @@ -16,6 +16,7 @@ package revision import ( "fmt" + "io/fs" v1 "github.com/istio-ecosystem/sail-operator/api/v1" "github.com/istio-ecosystem/sail-operator/pkg/config" @@ -28,9 +29,11 @@ import ( // - applies vendor-specific default values // - applies the user-provided values on top of the default values from the default and user-selected profiles // - applies overrides that are not configurable by the user +// +// The resourceFS parameter accepts any fs.FS implementation (embed.FS, os.DirFS, etc.). func ComputeValues( userValues *v1.Values, namespace string, version string, - platform config.Platform, defaultProfile, userProfile string, resourceDir string, + platform config.Platform, defaultProfile, userProfile string, resourceFS fs.FS, activeRevisionName string, ) (*v1.Values, error) { // apply image digests from configuration, if not already set by user @@ -43,7 +46,7 @@ func ComputeValues( } // apply userValues on top of defaultValues from profiles - mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform(resourceDir, version, platform, defaultProfile, userProfile, helm.FromValues(userValues)) + mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform(resourceFS, version, platform, defaultProfile, userProfile, helm.FromValues(userValues)) if err != nil { return nil, fmt.Errorf("failed to apply profile: %w", err) } diff --git a/pkg/revision/values_test.go b/pkg/revision/values_test.go index f55d2edf4..ec3cda777 100644 --- a/pkg/revision/values_test.go +++ b/pkg/revision/values_test.go @@ -68,7 +68,7 @@ spec: }, } - result, err := ComputeValues(values, namespace, version, config.PlatformOpenShift, "default", "my-profile", resourceDir, revisionName) + result, err := ComputeValues(values, namespace, version, config.PlatformOpenShift, "default", "my-profile", os.DirFS(resourceDir), revisionName) if err != nil { t.Errorf("Expected no error, but got an error: %v", err) } @@ -111,7 +111,7 @@ spec:`)), 0o644)) istiovalues.FipsEnabled = true values := &v1.Values{} result, err := ComputeValues(values, namespace, version, config.PlatformOpenShift, "default", "", - resourceDir, revisionName) + os.DirFS(resourceDir), revisionName) if err != nil { t.Errorf("Expected no error, but got an error: %v", err) } diff --git a/resources/resources.go b/resources/resources.go new file mode 100644 index 000000000..081c6ea65 --- /dev/null +++ b/resources/resources.go @@ -0,0 +1,69 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package resources provides embedded Istio Helm charts and profiles. +// +// This package embeds all version directories (v1.28.2, etc.) containing +// Helm charts and profiles. Importing this package will increase the binary +// size significantly (~10MB) as it includes all chart files. +// +// This package is intended for consumers who want to embed the charts +// directly in their binary. +// +// Usage: +// +// import "github.com/istio-ecosystem/sail-operator/resources" +// +// cfg := config.ReconcilerConfig{ +// ResourceFS: resources.FS, +// } +// +// The embedded paths are relative to this directory, e.g.: +// - v1.28.2/charts/istiod/Chart.yaml +// - v1.28.2/profiles/default.yaml +package resources + +import ( + "embed" + "io/fs" +) + +// FS contains the embedded resources directory with all Helm charts and profiles. +// Paths are relative to this directory (e.g., "v1.28.2/charts/istiod"). +// +//go:embed all:v* +var FS embed.FS + +// SubFS creates a sub-filesystem rooted at the specified directory. +// This is useful for stripping prefixes from embedded filesystems. +// +// Example: +// +// // If you have your own embed with a prefix: +// //go:embed my-resources +// var rawFS embed.FS +// fs := resources.SubFS(rawFS, "my-resources") +func SubFS(fsys fs.FS, dir string) (fs.FS, error) { + return fs.Sub(fsys, dir) +} + +// MustSubFS is like SubFS but panics on error. +// Use this when the directory is known to exist. +func MustSubFS(fsys fs.FS, dir string) fs.FS { + sub, err := fs.Sub(fsys, dir) + if err != nil { + panic("failed to create sub-filesystem for " + dir + ": " + err.Error()) + } + return sub +} diff --git a/tests/integration/api/suite_test.go b/tests/integration/api/suite_test.go index 560cef425..248758cde 100644 --- a/tests/integration/api/suite_test.go +++ b/tests/integration/api/suite_test.go @@ -18,6 +18,7 @@ package integration import ( "context" + "os" "path" "testing" @@ -86,7 +87,7 @@ var _ = BeforeSuite(func() { Expect(k8sClient.Create(context.TODO(), operatorNs)).To(Succeed()) cfg := config.ReconcilerConfig{ - ResourceDirectory: path.Join(project.RootDir, "resources"), + ResourceFS: os.DirFS(path.Join(project.RootDir, "resources")), Platform: config.PlatformKubernetes, DefaultProfile: "", OperatorNamespace: operatorNs.Name, From 1382585149146bae20d95f45368316990e295249 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Wed, 4 Feb 2026 00:40:45 -0500 Subject: [PATCH 25/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1565) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/values_types.gen.go | 1 - api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 5 ++-- bundle/manifests/sailoperator.io_istios.yaml | 5 ++-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 5 ++-- chart/crds/sailoperator.io_istios.yaml | 5 ++-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 12 ++++---- go.mod | 6 ++-- go.sum | 12 ++++---- pkg/istioversion/versions.yaml | 18 ++++++------ ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 + resources/v1.30-alpha.15986c2f/commit | 1 + ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 + ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 + ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 - ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 - resources/v1.30-alpha.a6c6f0b2/commit | 1 - ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 - ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 - ...2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag | 1 - 222 files changed, 99 insertions(+), 104 deletions(-) create mode 100644 resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/README.md (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag create mode 100644 resources/v1.30-alpha.15986c2f/commit create mode 100644 resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag create mode 100644 resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.a6c6f0b2 => v1.30-alpha.15986c2f}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag delete mode 100644 resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag delete mode 100644 resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag delete mode 100644 resources/v1.30-alpha.a6c6f0b2/commit delete mode 100644 resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag delete mode 100644 resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag delete mode 100644 resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 567a6b248..68c5bb3e2 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a6c6f0b2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.15986c2f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 3e33e87c9..17ae45694 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a6c6f0b2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.15986c2f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 4223cfcb2..b91f0331d 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.a6c6f0b2 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.15986c2f Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/values_types.gen.go b/api/v1/values_types.gen.go index 020e1c120..f1edb4744 100644 --- a/api/v1/values_types.gen.go +++ b/api/v1/values_types.gen.go @@ -2077,7 +2077,6 @@ type MeshConfig struct { // Note: Mesh mTLS does not respect ECDH curves. MeshMTLS *MeshConfigTLSConfig `json:"meshMTLS,omitempty"` // Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. - // Currently, this supports configuration of ecdhCurves and cipherSuites only. // For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. TlsDefaults *MeshConfigTLSConfig `json:"tlsDefaults,omitempty"` } diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 4f7ae3699..fa1ca5950 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a6c6f0b2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.15986c2f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index c6efd1e58..6d45d1231 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a6c6f0b2 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.15986c2f // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 535070080..c13f550e8 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-03T05:25:31Z" + createdAt: "2026-02-04T05:21:42Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a6c6f0b2 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_a6c6f0b2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f - images.v1_30-alpha_a6c6f0b2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f - images.v1_30-alpha_a6c6f0b2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f - images.v1_30-alpha_a6c6f0b2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_15986c2f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_15986c2f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_15986c2f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_15986c2f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 5a689f111..a1d78674e 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index afd6aead6..f173e3c53 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -6049,7 +6049,6 @@ spec: tlsDefaults: description: |- Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. - Currently, this supports configuration of ecdhCurves and cipherSuites only. For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. properties: cipherSuites: @@ -10122,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 389750081..6ce2494cc 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -6122,7 +6122,6 @@ spec: tlsDefaults: description: |- Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. - Currently, this supports configuration of ecdhCurves and cipherSuites only. For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. properties: cipherSuites: @@ -10196,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 62ed096cd..2c13d6500 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index e6d0a9338..d46069967 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 140034b91..794ed32e7 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -6049,7 +6049,6 @@ spec: tlsDefaults: description: |- Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. - Currently, this supports configuration of ecdhCurves and cipherSuites only. For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. properties: cipherSuites: @@ -10122,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. enum: - v1.28.3 - v1.28.2 @@ -10165,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index de6250307..5864ebf41 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -6122,7 +6122,6 @@ spec: tlsDefaults: description: |- Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. - Currently, this supports configuration of ecdhCurves and cipherSuites only. For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. properties: cipherSuites: @@ -10196,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -10247,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 91e321574..c33c08dd2 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 4840659a7..442191356 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_a6c6f0b2.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f - images.v1_30-alpha_a6c6f0b2.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f - images.v1_30-alpha_a6c6f0b2.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f - images.v1_30-alpha_a6c6f0b2.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + images.v1_30-alpha_15986c2f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_15986c2f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_15986c2f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_15986c2f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.a6c6f0b2 + - v1.30-alpha.15986c2f [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 9a9dc2680..111944830 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a6c6f0b2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.15986c2f] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a6c6f0b2. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.a6c6f0b2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.15986c2f] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a6c6f0b2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.15986c2f] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -1368,7 +1368,7 @@ _Appears in:_ | `pathNormalization` _[MeshConfigProxyPathNormalization](#meshconfigproxypathnormalization)_ | ProxyPathNormalization configures how URL paths in incoming and outgoing HTTP requests are normalized by the sidecars and gateways. The normalized paths will be used in all aspects through the requests' lifetime on the sidecars and gateways, which includes routing decisions in outbound direction (client proxy), authorization policy match and enforcement in inbound direction (server proxy), and the URL path proxied to the upstream service. If not set, the NormalizationType.DEFAULT configuration will be used. | | | | `defaultHttpRetryPolicy` _[HTTPRetry](#httpretry)_ | Configure the default HTTP retry policy. The default number of retry attempts is set at 2 for these errors: "connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes". Setting the number of attempts to 0 disables retry policy globally. This setting can be overridden on a per-host basis using the Virtual Service API. All settings in the retry policy except `perTryTimeout` can currently be configured globally via this field. | | | | `meshMTLS` _[MeshConfigTLSConfig](#meshconfigtlsconfig)_ | The below configuration parameters can be used to specify TLSConfig for mesh traffic. For example, a user could enable min TLS version for ISTIO_MUTUAL traffic and specify a curve for non ISTIO_MUTUAL traffic like below: ```yaml meshConfig: meshMTLS: minProtocolVersion: TLSV1_3 tlsDefaults: Note: applicable only for non ISTIO_MUTUAL scenarios ecdhCurves: - P-256 - P-512 ``` Configuration of mTLS for traffic between workloads with ISTIO_MUTUAL TLS traffic. Note: Mesh mTLS does not respect ECDH curves. | | | -| `tlsDefaults` _[MeshConfigTLSConfig](#meshconfigtlsconfig)_ | Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. Currently, this supports configuration of ecdhCurves and cipherSuites only. For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. | | | +| `tlsDefaults` _[MeshConfigTLSConfig](#meshconfigtlsconfig)_ | Configuration of TLS for all traffic except for ISTIO_MUTUAL mode. For ISTIO_MUTUAL TLS settings, use meshMTLS configuration. | | | #### MeshConfigAccessLogEncoding @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a6c6f0b2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.15986c2f] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a6c6f0b2. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a6c6f0b2] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.15986c2f] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index d43e2f84e..2f7d7034e 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 - istio.io/istio v0.0.0-20260202143537-a6c6f0b2386a + istio.io/client-go v1.29.0-alpha.0.0.20260203144345-f7e8ad2c325c + istio.io/istio v0.0.0-20260203202247-15986c2fb5c9 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 // indirect + istio.io/api v1.29.0-alpha.0.0.20260203143348-180296127da8 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index 54b6d84c6..cba692832 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098 h1:4CfBKcddlIEBA6rOMnIFzd+UN+7MaR3m/3/D/xajJw0= -istio.io/api v1.29.0-alpha.0.0.20260128053042-e5f1d7b7a098/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6 h1:FFx8zZzGLXiKSh+8fZ55DyZ9Dxrgm5yIZQC288zTXJI= -istio.io/client-go v1.29.0-alpha.0.0.20260128053542-37dc946224b6/go.mod h1:xyne+dIQweP+ILjaTFIOQ4Dz01X46xUbVgA0oYTAs5Y= -istio.io/istio v0.0.0-20260202143537-a6c6f0b2386a h1:TvPAtCaZVcITDBhORQOBc2BG2JyssKDIxadwPQV5c/E= -istio.io/istio v0.0.0-20260202143537-a6c6f0b2386a/go.mod h1:s7QytkVMNlO/Lc9cY3zZdhsJ5znUnGxj08IOZTgU0Vk= +istio.io/api v1.29.0-alpha.0.0.20260203143348-180296127da8 h1:Gf+fW40LwXDqOEGmN5xET6i7vtit0ytZAfrfZnSKaWE= +istio.io/api v1.29.0-alpha.0.0.20260203143348-180296127da8/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260203144345-f7e8ad2c325c h1:I27GQQfiAX02r5ucAHsxZYaO01eg6kbJ5+NoHT8LlG4= +istio.io/client-go v1.29.0-alpha.0.0.20260203144345-f7e8ad2c325c/go.mod h1:7OTHYXbM2ryELtJgZO0EQwj/Km5SLXXjw1rcUnyT2xo= +istio.io/istio v0.0.0-20260203202247-15986c2fb5c9 h1:kRePhZeAVPyye5+DzGIdzXr6hJFt1c4eEaH5S4VCGeU= +istio.io/istio v0.0.0-20260203202247-15986c2fb5c9/go.mod h1:lHThkl98hX1TGwzXS5deIIodQH+F4ope60WercPCL4w= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index a2d1874ed..865981e00 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.a6c6f0b2 - - name: v1.30-alpha.a6c6f0b2 - version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + ref: v1.30-alpha.15986c2f + - name: v1.30-alpha.15986c2f + version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f repo: https://github.com/istio/istio branch: master - commit: a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + commit: 15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f/helm/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz diff --git a/resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag new file mode 100644 index 000000000..f544708f0 --- /dev/null +++ b/resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag @@ -0,0 +1 @@ +c1f061b2a9017e59c57e9e9e5c0fb055 diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/Chart.yaml b/resources/v1.30-alpha.15986c2f/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/Chart.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/Chart.yaml index 91b03873d..17d80514b 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/README.md b/resources/v1.30-alpha.15986c2f/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/README.md rename to resources/v1.30-alpha.15986c2f/charts/base/README.md diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.15986c2f/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.15986c2f/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.15986c2f/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.15986c2f/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.15986c2f/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/base/values.yaml b/resources/v1.30-alpha.15986c2f/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/base/values.yaml rename to resources/v1.30-alpha.15986c2f/charts/base/values.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/Chart.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/Chart.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/Chart.yaml index a993f92f5..33dab1059 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/README.md b/resources/v1.30-alpha.15986c2f/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/README.md rename to resources/v1.30-alpha.15986c2f/charts/cni/README.md diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.15986c2f/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.15986c2f/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/cni/values.yaml b/resources/v1.30-alpha.15986c2f/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.a6c6f0b2/charts/cni/values.yaml rename to resources/v1.30-alpha.15986c2f/charts/cni/values.yaml index d62a8c84b..a22f30a2a 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/cni/values.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/Chart.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/Chart.yaml index 816e51c55..d372c165f 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/README.md b/resources/v1.30-alpha.15986c2f/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/README.md rename to resources/v1.30-alpha.15986c2f/charts/gateway/README.md diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.schema.json b/resources/v1.30-alpha.15986c2f/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.schema.json rename to resources/v1.30-alpha.15986c2f/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.yaml b/resources/v1.30-alpha.15986c2f/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/gateway/values.yaml rename to resources/v1.30-alpha.15986c2f/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/Chart.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/Chart.yaml index 61925696a..7a1a6bb8e 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/README.md b/resources/v1.30-alpha.15986c2f/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/README.md rename to resources/v1.30-alpha.15986c2f/charts/istiod/README.md diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/values.yaml b/resources/v1.30-alpha.15986c2f/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.a6c6f0b2/charts/istiod/values.yaml rename to resources/v1.30-alpha.15986c2f/charts/istiod/values.yaml index 4e0a91817..9e9a05c71 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/Chart.yaml index b7d8e4f39..8e9f8aafc 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/values.yaml b/resources/v1.30-alpha.15986c2f/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.15986c2f/charts/revisiontags/values.yaml index 4e0a91817..9e9a05c71 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/Chart.yaml index 39ea01676..6897df559 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f +version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/README.md b/resources/v1.30-alpha.15986c2f/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/README.md rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/values.yaml b/resources/v1.30-alpha.15986c2f/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.15986c2f/charts/ztunnel/values.yaml index fefb29eed..072075a31 100644 --- a/resources/v1.30-alpha.a6c6f0b2/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.15986c2f/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f + tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag new file mode 100644 index 000000000..58ba53559 --- /dev/null +++ b/resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag @@ -0,0 +1 @@ +d6a11f45280ff836fff2c3c3e6164883 diff --git a/resources/v1.30-alpha.15986c2f/commit b/resources/v1.30-alpha.15986c2f/commit new file mode 100644 index 000000000..730662d2c --- /dev/null +++ b/resources/v1.30-alpha.15986c2f/commit @@ -0,0 +1 @@ +15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f diff --git a/resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag new file mode 100644 index 000000000..e33364001 --- /dev/null +++ b/resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag @@ -0,0 +1 @@ +322dd48750828621e41e50e31e07e0ca diff --git a/resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag new file mode 100644 index 000000000..ed27fe57f --- /dev/null +++ b/resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag @@ -0,0 +1 @@ +e2d8b6970a76ab3c4e24c7c164401ed4 diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/ambient.yaml b/resources/v1.30-alpha.15986c2f/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/ambient.yaml rename to resources/v1.30-alpha.15986c2f/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/default.yaml b/resources/v1.30-alpha.15986c2f/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/default.yaml rename to resources/v1.30-alpha.15986c2f/profiles/default.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/demo.yaml b/resources/v1.30-alpha.15986c2f/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/demo.yaml rename to resources/v1.30-alpha.15986c2f/profiles/demo.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/empty.yaml b/resources/v1.30-alpha.15986c2f/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/empty.yaml rename to resources/v1.30-alpha.15986c2f/profiles/empty.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.15986c2f/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.15986c2f/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/openshift.yaml b/resources/v1.30-alpha.15986c2f/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/openshift.yaml rename to resources/v1.30-alpha.15986c2f/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/preview.yaml b/resources/v1.30-alpha.15986c2f/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/preview.yaml rename to resources/v1.30-alpha.15986c2f/profiles/preview.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/remote.yaml b/resources/v1.30-alpha.15986c2f/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/remote.yaml rename to resources/v1.30-alpha.15986c2f/profiles/remote.yaml diff --git a/resources/v1.30-alpha.a6c6f0b2/profiles/stable.yaml b/resources/v1.30-alpha.15986c2f/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.a6c6f0b2/profiles/stable.yaml rename to resources/v1.30-alpha.15986c2f/profiles/stable.yaml diff --git a/resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag new file mode 100644 index 000000000..753977672 --- /dev/null +++ b/resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag @@ -0,0 +1 @@ +1fdf43e4bc832708f19a86380970c831 diff --git a/resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag deleted file mode 100644 index 925a64438..000000000 --- a/resources/v1.30-alpha.a6c6f0b2/base-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -4d86e506dbe10bd7652726c312e7d5c0 diff --git a/resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag deleted file mode 100644 index 5e44e0816..000000000 --- a/resources/v1.30-alpha.a6c6f0b2/cni-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -871c63e6fc2ffbee329396b4750bf562 diff --git a/resources/v1.30-alpha.a6c6f0b2/commit b/resources/v1.30-alpha.a6c6f0b2/commit deleted file mode 100644 index b932e2604..000000000 --- a/resources/v1.30-alpha.a6c6f0b2/commit +++ /dev/null @@ -1 +0,0 @@ -a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f diff --git a/resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag deleted file mode 100644 index 145c1ed5d..000000000 --- a/resources/v1.30-alpha.a6c6f0b2/gateway-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -339bbbc2e6fb7d7245a8ccb2990e1035 diff --git a/resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag deleted file mode 100644 index 53b7e8de5..000000000 --- a/resources/v1.30-alpha.a6c6f0b2/istiod-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -d1ac716a9a42329a88dca5601564a04b diff --git a/resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag b/resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag deleted file mode 100644 index fbf9c850a..000000000 --- a/resources/v1.30-alpha.a6c6f0b2/ztunnel-1.30-alpha.a6c6f0b2386aebf9eb7000b9875fa104b1dc2c7f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -324050adc72bb5cb55bb7df4a620c1d5 From 4116bf3a845d4e5fc17dd3c41ca241cf26ed5694 Mon Sep 17 00:00:00 2001 From: Francisco Herrera Date: Wed, 4 Feb 2026 07:52:46 +0100 Subject: [PATCH 26/40] Fix e2e midstream CI mode (#1564) * Adding some fix for midstream CI execution Signed-off-by: Francisco Herrera * Forcing avoid the use of external registry when CI mode is detected Adding a new variable to handle properly the case Signed-off-by: Francisco Herrera --------- Signed-off-by: Francisco Herrera --- tests/e2e/common-operator-integ-suite.sh | 22 +++++++++++++++++++++- tests/e2e/integ-suite-kind.sh | 4 ++-- tests/e2e/integ-suite-ocp.sh | 2 +- tests/e2e/setup/build-and-push-operator.sh | 3 +++ 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/tests/e2e/common-operator-integ-suite.sh b/tests/e2e/common-operator-integ-suite.sh index d717c6e76..f2fa8f649 100755 --- a/tests/e2e/common-operator-integ-suite.sh +++ b/tests/e2e/common-operator-integ-suite.sh @@ -125,6 +125,17 @@ initialize_variables() { IP_FAMILY=${IP_FAMILY:-ipv4} ISTIO_MANIFEST="chart/samples/istio-sample.yaml" CI=${CI:-"false"} + USE_INTERNAL_REGISTRY=${USE_INTERNAL_REGISTRY:-"false"} + + # Debug logging and fallback for GINKGO_FLAGS + echo "CI environment: ${CI}" + echo "GINKGO_FLAGS received: '${GINKGO_FLAGS:-}'" + + # Fallback: Generate GINKGO_FLAGS if empty and CI=true + if [ -z "${GINKGO_FLAGS:-}" ] && [ "${CI}" == "true" ]; then + GINKGO_FLAGS="--no-color" + echo "Generated GINKGO_FLAGS fallback: '${GINKGO_FLAGS}'" + fi # export to be sure that the variables are available in the subshell export IMAGE_BASE="${IMAGE_BASE:-sail-operator}" @@ -134,9 +145,13 @@ initialize_variables() { # Handle OCP registry scenarios # Note: Makefile.core.mk sets HUB=quay.io/sail-dev and TAG=1.29-latest by default if [ "${OCP}" == "true" ]; then + # Debug output for troubleshooting + echo "DEBUG: CI='${CI}', HUB='${HUB}'" + if [ "${CI}" == "true" ] && [ "${HUB}" == "quay.io/sail-dev" ]; then # Scenario 2: CI mode with default HUB -> use external registry with proper CI tag echo "CI mode detected for OCP, using external registry ${HUB}" + export USE_INTERNAL_REGISTRY="false" # Use PR_NUMBER if available, otherwise generate timestamp tag if [ -n "${PR_NUMBER:-}" ]; then @@ -147,9 +162,14 @@ initialize_variables() { export TAG echo "Using timestamp-based tag: ${TAG}" fi + elif [ "${CI}" == "true" ]; then + # Additional CI mode check - handle CI mode regardless of HUB value + echo "CI mode detected for OCP with custom HUB (${HUB}), using external registry" + export USE_INTERNAL_REGISTRY="false" elif [ "${HUB}" != "quay.io/sail-dev" ]; then # Scenario 3: Custom registry provided by user echo "Using custom registry: ${HUB}" + export USE_INTERNAL_REGISTRY="false" else # Scenario 1: Local development -> use internal OCP registry echo "Local development mode, will use OCP internal registry" @@ -304,7 +324,7 @@ if [ "${SKIP_BUILD}" == "false" ]; then fi fi -export SKIP_DEPLOY IP_FAMILY ISTIO_MANIFEST NAMESPACE CONTROL_PLANE_NS DEPLOYMENT_NAME MULTICLUSTER ARTIFACTS ISTIO_NAME COMMAND KUBECONFIG ISTIOCTL_PATH SKIP_CLEANUP +export SKIP_DEPLOY IP_FAMILY ISTIO_MANIFEST NAMESPACE CONTROL_PLANE_NS DEPLOYMENT_NAME MULTICLUSTER ARTIFACTS ISTIO_NAME COMMAND KUBECONFIG ISTIOCTL_PATH SKIP_CLEANUP GINKGO_FLAGS if [ "${OLM}" != "true" ] && [ "${SKIP_DEPLOY}" != "true" ]; then # shellcheck disable=SC2153 diff --git a/tests/e2e/integ-suite-kind.sh b/tests/e2e/integ-suite-kind.sh index f796ad3bd..29cd3427c 100755 --- a/tests/e2e/integ-suite-kind.sh +++ b/tests/e2e/integ-suite-kind.sh @@ -35,10 +35,10 @@ function check_prerequisites() { function run_integration_tests() { echo "Running integration tests" if [ "${MULTICLUSTER}" == "true" ]; then - ARTIFACTS="${ARTIFACTS}" ISTIOCTL="${ISTIOCTL}" "${ROOT}/tests/e2e/common-operator-integ-suite.sh" --kind --multicluster + ARTIFACTS="${ARTIFACTS}" ISTIOCTL="${ISTIOCTL}" GINKGO_FLAGS="${GINKGO_FLAGS}" "${ROOT}/tests/e2e/common-operator-integ-suite.sh" --kind --multicluster else KUBECONFIG="${ARTIFACTS}/config" - ARTIFACTS="${ARTIFACTS}" IP_FAMILY="${IP_FAMILY}" "${ROOT}/tests/e2e/common-operator-integ-suite.sh" --kind + ARTIFACTS="${ARTIFACTS}" IP_FAMILY="${IP_FAMILY}" GINKGO_FLAGS="${GINKGO_FLAGS}" "${ROOT}/tests/e2e/common-operator-integ-suite.sh" --kind fi } diff --git a/tests/e2e/integ-suite-ocp.sh b/tests/e2e/integ-suite-ocp.sh index 83566be1a..a075dd269 100755 --- a/tests/e2e/integ-suite-ocp.sh +++ b/tests/e2e/integ-suite-ocp.sh @@ -27,4 +27,4 @@ if [ -z "${KUBECONFIG}" ]; then exit 1 fi -KUBECONFIG="${KUBECONFIG}" ./tests/e2e/common-operator-integ-suite.sh --ocp \ No newline at end of file +KUBECONFIG="${KUBECONFIG}" GINKGO_FLAGS="${GINKGO_FLAGS}" ./tests/e2e/common-operator-integ-suite.sh --ocp \ No newline at end of file diff --git a/tests/e2e/setup/build-and-push-operator.sh b/tests/e2e/setup/build-and-push-operator.sh index fadc990c8..4be9123fa 100755 --- a/tests/e2e/setup/build-and-push-operator.sh +++ b/tests/e2e/setup/build-and-push-operator.sh @@ -86,9 +86,12 @@ build_and_push_operator_image() { # Main logic # Only use internal registry for OCP local development (when USE_INTERNAL_REGISTRY is set) +echo "DEBUG: OCP='${OCP}', USE_INTERNAL_REGISTRY='${USE_INTERNAL_REGISTRY:-false}'" if [ "${OCP}" == "true" ] && [ "${USE_INTERNAL_REGISTRY:-false}" == "true" ]; then echo "Setting up OCP internal registry for local development..." get_internal_registry +else + echo "Skipping internal registry setup - using external registry" fi echo "Registry: ${HUB}" From 007f79f109ee4763d601788206b4219505c4c7cd Mon Sep 17 00:00:00 2001 From: Filip Brychta Date: Wed, 4 Feb 2026 10:58:47 +0100 Subject: [PATCH 27/40] Add automation for updating EOL Istio versions (#1562) * Add automation for updating EOL Istio versions Introduces a nightly GitHub Actions workflow and script to automatically mark Istio versions as EOL based on upstream support status. The workflow uses the istio-ecosystem automator to create PRs when EOL flags need updating. Fixes: https://github.com/istio-ecosystem/sail-operator/issues/1531 Co-Authored-By: Claude Sonnet 4.5 Signed-off-by: Filip Brychta * Lint Signed-off-by: Filip Brychta * Adding status badge Signed-off-by: Filip Brychta --------- Signed-off-by: Filip Brychta Co-authored-by: Claude Sonnet 4.5 --- .github/workflows/update-eol-versions.yaml | 43 ++++++ README.md | 1 + tools/update_eol_versions.sh | 146 +++++++++++++++++++++ 3 files changed, 190 insertions(+) create mode 100644 .github/workflows/update-eol-versions.yaml create mode 100755 tools/update_eol_versions.sh diff --git a/.github/workflows/update-eol-versions.yaml b/.github/workflows/update-eol-versions.yaml new file mode 100644 index 000000000..e5da3d7b1 --- /dev/null +++ b/.github/workflows/update-eol-versions.yaml @@ -0,0 +1,43 @@ +name: Update EOL Versions + +on: + schedule: + - cron: "0 2 * * *" # Nightly + workflow_dispatch: # Allow manual trigger + +run-name: update-eol-versions + +env: + GIT_USER: ${{ secrets.GIT_USER }} + GH_TOKEN: ${{ secrets.GIT_TOKEN }} + AUTOMATOR_ORG: istio-ecosystem + AUTOMATOR_REPO: sail-operator + +jobs: + update-eol-versions: + runs-on: ubuntu-latest + container: + image: gcr.io/istio-testing/build-tools:master-eebcdda8856e2d4f528991d27d4808880cce4c52 + options: --entrypoint '' + + steps: + - uses: actions/checkout@v4 + with: + repository: istio/test-infra + ref: master + + # this is a workaround for a permissions issue when using the istio build container + - run: git config --system --add safe.directory /__w/sail-operator/sail-operator + + - name: Run Automator to update EOL versions + run: | + ./tools/automator/automator.sh \ + --org=$AUTOMATOR_ORG \ + --repo=sail-operator \ + --branch=main \ + '--title=Automator: Update EOL Istio versions in $AUTOMATOR_ORG/$AUTOMATOR_REPO@main' \ + --email=openshiftservicemeshbot@gmail.com \ + --modifier=update_eol_versions \ + --token-env \ + --cmd='BUILD_WITH_CONTAINER=0 ./tools/update_eol_versions.sh' \ + --signoff diff --git a/README.md b/README.md index 6266a52e4..c42dc3c54 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ [![integration test badge](https://github.com/istio-ecosystem/sail-operator/actions/workflows/integration-tests.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/integration-tests.yaml) [![update-deps badge](https://github.com/istio-ecosystem/sail-operator/actions/workflows/update-deps.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/update-deps.yaml) [![nightly-images badge](https://github.com/istio-ecosystem/sail-operator/actions/workflows/nightly-images.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/nightly-images.yaml) +[![update-eol-versions badge](https://github.com/istio-ecosystem/sail-operator/actions/workflows/update-eol-versions.yaml/badge.svg)](https://github.com/istio-ecosystem/sail-operator/actions/workflows/update-eol-versions.yaml) # Sail Operator diff --git a/tools/update_eol_versions.sh b/tools/update_eol_versions.sh new file mode 100755 index 000000000..6ef22356b --- /dev/null +++ b/tools/update_eol_versions.sh @@ -0,0 +1,146 @@ +#!/bin/bash + +# Copyright Istio Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################################ +# Script to update EOL flags in versions.yaml based on upstream Istio support +################################################################################ + +set -euo pipefail + +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +REPO_ROOT="${SCRIPT_DIR}/.." + +VERSIONS_FILE="${VERSIONS_YAML_FILE:-${REPO_ROOT}/pkg/istioversion/versions.yaml}" +TEMP_DIR=$(mktemp -d) +SUPPORTED_VERSIONS_FILE="${TEMP_DIR}/supported_versions.txt" +CHANGES_MADE=false + +# Cleanup temp directory on exit +trap 'rm -rf "${TEMP_DIR}"' EXIT + +# Check if required tools are available +if ! command -v yq &> /dev/null; then + echo "ERROR: yq is required but not found" + echo "Install from: https://github.com/mikefarah/yq" + exit 1 +fi + +if ! command -v jq &> /dev/null; then + echo "ERROR: jq is required but not found" + echo "Install from: https://jqlang.github.io/jq/" + exit 1 +fi + +echo "Fetching currently supported Istio versions from endoflife.date API..." + +# Fetch supported versions from endoflife.date API (those with EOL date in the future) +curl -s https://endoflife.date/api/istio.json | \ + jq -r --arg today "$(date +%Y-%m-%d)" \ + '.[] | select(.eol > $today) | .cycle' | \ + sort -V > "${SUPPORTED_VERSIONS_FILE}" + +if [ ! -s "${SUPPORTED_VERSIONS_FILE}" ]; then + echo "ERROR: Failed to fetch supported versions from endoflife.date API" + exit 1 +fi + +echo "Currently supported Istio versions (major.minor):" +cat "${SUPPORTED_VERSIONS_FILE}" +echo "" + +# Function to check if a version is supported +is_version_supported() { + local version=$1 + # Extract major.minor from version (e.g., v1.28.3 -> 1.28) + local major_minor + major_minor=$(echo "$version" | grep -oE '[0-9]+\.[0-9]+' | head -n1) + + if [ -z "$major_minor" ]; then + # If we can't parse it (e.g., master, alpha versions), consider it supported + return 0 + fi + + if grep -q "^${major_minor}$" "${SUPPORTED_VERSIONS_FILE}"; then + return 0 # Supported + else + return 1 # Not supported (EOL) + fi +} + +echo "Analyzing versions.yaml and updating EOL flags..." +echo "" + +# Get the number of versions +version_count=$(yq '.versions | length' "${VERSIONS_FILE}") + +# Iterate through each version +for i in $(seq 0 $((version_count - 1))); do + version_name=$(yq ".versions[$i].name" "${VERSIONS_FILE}") + + # Remove quotes from version name if present + version_name=$(echo "$version_name" | tr -d '"') + + # Skip special versions + if [[ "$version_name" == "master" ]] || [[ "$version_name" == *"alpha"* ]]; then + continue + fi + + # Check if version has EOL flag + has_eol=$(yq ".versions[$i].eol // false" "${VERSIONS_FILE}") + + if is_version_supported "$version_name"; then + # Version is supported upstream + if [ "$has_eol" = "true" ]; then + echo "WARNING: ${version_name} is supported upstream but marked as EOL" + echo " Manual intervention may be required to restore metadata" + fi + else + # Version is NOT supported upstream (EOL) + if [ "$has_eol" != "true" ]; then + echo "Marking ${version_name} as EOL..." + + # Check if version has a ref field + has_ref=$(yq ".versions[$i] | has(\"ref\")" "${VERSIONS_FILE}") + + if [ "$has_ref" = "true" ]; then + ref_value=$(yq ".versions[$i].ref" "${VERSIONS_FILE}") + # Keep name, ref, and eol (in that order to match existing format) + yq -i ".versions[$i] = {\"name\": \"${version_name}\", \"ref\": \"${ref_value}\", \"eol\": true}" "${VERSIONS_FILE}" + else + # Keep only name and eol + yq -i ".versions[$i] = {\"name\": \"${version_name}\", \"eol\": true}" "${VERSIONS_FILE}" + fi + + CHANGES_MADE=true + fi + fi +done + +echo "" +if [ "$CHANGES_MADE" = true ]; then + echo "Running 'make gen' to regenerate code..." + cd "${REPO_ROOT}" + make gen + echo "" + echo "✓ EOL version updates completed successfully!" + echo "" + echo "Summary of changes:" + git diff --stat "${VERSIONS_FILE}" || true + exit 0 +else + echo "✓ No changes needed. All versions are already up-to-date." + exit 0 +fi From fe9442776d360eb0b6c24bcef5ff5bc81be3a4f7 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Thu, 5 Feb 2026 00:47:46 -0500 Subject: [PATCH 28/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1571) Signed-off-by: openshift-service-mesh-bot --- .devcontainer/devcontainer.json | 2 +- .github/workflows/update-deps.yaml | 2 +- Makefile.core.mk | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- common/.commonfiles.sha | 2 +- common/scripts/setup_env.sh | 2 +- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 6 ++-- go.sum | 12 ++++---- pkg/istioversion/versions.yaml | 18 ++++++------ ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 + resources/v1.30-alpha.1389e271/commit | 1 + ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 + ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 + ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 - ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 - resources/v1.30-alpha.15986c2f/commit | 1 - ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 - ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 - ...fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag | 1 - 226 files changed, 103 insertions(+), 103 deletions(-) create mode 100644 resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/README.md (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag create mode 100644 resources/v1.30-alpha.1389e271/commit create mode 100644 resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag create mode 100644 resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.15986c2f => v1.30-alpha.1389e271}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag delete mode 100644 resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag delete mode 100644 resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag delete mode 100644 resources/v1.30-alpha.15986c2f/commit delete mode 100644 resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag delete mode 100644 resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag delete mode 100644 resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index dd653dd89..8bed9cf0f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,6 +1,6 @@ { "name": "istio build-tools", - "image": "gcr.io/istio-testing/build-tools:master-eebcdda8856e2d4f528991d27d4808880cce4c52", + "image": "gcr.io/istio-testing/build-tools:master-011fa76a5d2c95261e3b6d31b44e3dc1e74d43bf", "privileged": true, "remoteEnv": { "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml index 418beec6e..135332e1b 100644 --- a/.github/workflows/update-deps.yaml +++ b/.github/workflows/update-deps.yaml @@ -16,7 +16,7 @@ jobs: update-deps: runs-on: ubuntu-latest container: - image: gcr.io/istio-testing/build-tools:master-eebcdda8856e2d4f528991d27d4808880cce4c52 + image: gcr.io/istio-testing/build-tools:master-011fa76a5d2c95261e3b6d31b44e3dc1e74d43bf options: --entrypoint '' steps: diff --git a/Makefile.core.mk b/Makefile.core.mk index 123bb6ea5..a3f963cce 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -571,7 +571,7 @@ OPERATOR_SDK_VERSION ?= v1.42.0 HELM_VERSION ?= v3.20.0 CONTROLLER_TOOLS_VERSION ?= v0.20.0 CONTROLLER_RUNTIME_BRANCH ?= release-0.23 -OPM_VERSION ?= v1.62.0 +OPM_VERSION ?= v1.63.0 OLM_VERSION ?= v0.39.0 GITLEAKS_VERSION ?= v8.30.0 ISTIOCTL_VERSION ?= 1.26.2 diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 68c5bb3e2..67dbc8d8f 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.15986c2f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.1389e271 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 17ae45694..025e38525 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.15986c2f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.1389e271 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index b91f0331d..e034347e5 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.15986c2f + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.1389e271 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index fa1ca5950..6bb013ecb 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.15986c2f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.1389e271 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 6d45d1231..4c03ba7e9 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.15986c2f + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.1389e271 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index c13f550e8..18b3f996a 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-04T05:21:42Z" + createdAt: "2026-02-05T05:26:54Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.15986c2f + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_15986c2f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f - images.v1_30-alpha_15986c2f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f - images.v1_30-alpha_15986c2f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f - images.v1_30-alpha_15986c2f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_1389e271.cni: gcr.io/istio-testing/install-cni:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_1389e271.istiod: gcr.io/istio-testing/pilot:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_1389e271.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_1389e271.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index a1d78674e..74c5c6079 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index f173e3c53..0a2080aed 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 6ce2494cc..7282ebfea 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 2c13d6500..b400101e7 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index d46069967..05f4c3b06 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 794ed32e7..cd8a67704 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 5864ebf41..c97e12b2f 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index c33c08dd2..636aec17d 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 442191356..59a062642 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_15986c2f.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f - images.v1_30-alpha_15986c2f.istiod: gcr.io/istio-testing/pilot:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f - images.v1_30-alpha_15986c2f.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f - images.v1_30-alpha_15986c2f.cni: gcr.io/istio-testing/install-cni:1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + images.v1_30-alpha_1389e271.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_1389e271.istiod: gcr.io/istio-testing/pilot:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_1389e271.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_1389e271.cni: gcr.io/istio-testing/install-cni:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.15986c2f + - v1.30-alpha.1389e271 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index 2116519f3..2509c0416 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -4b0a2a0dfb7b3473a6a7457bb05029afcb8d4e50 +50d58c14d4984b40a1186e0e5f1c24729211d4e4 diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index fd289b1da..860962496 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -77,7 +77,7 @@ fi TOOLS_REGISTRY_PROVIDER=${TOOLS_REGISTRY_PROVIDER:-gcr.io} PROJECT_ID=${PROJECT_ID:-istio-testing} if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-eebcdda8856e2d4f528991d27d4808880cce4c52 + IMAGE_VERSION=master-011fa76a5d2c95261e3b6d31b44e3dc1e74d43bf fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 111944830..94e82bd20 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.15986c2f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.1389e271] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.15986c2f. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.15986c2f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.1389e271] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.15986c2f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.1389e271] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.15986c2f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.1389e271] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.15986c2f. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.15986c2f] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.1389e271] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 2f7d7034e..2f91ea8c3 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260203144345-f7e8ad2c325c - istio.io/istio v0.0.0-20260203202247-15986c2fb5c9 + istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 + istio.io/istio v0.0.0-20260205013346-1389e271c972 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260203143348-180296127da8 // indirect + istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index cba692832..7f087b1e3 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260203143348-180296127da8 h1:Gf+fW40LwXDqOEGmN5xET6i7vtit0ytZAfrfZnSKaWE= -istio.io/api v1.29.0-alpha.0.0.20260203143348-180296127da8/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260203144345-f7e8ad2c325c h1:I27GQQfiAX02r5ucAHsxZYaO01eg6kbJ5+NoHT8LlG4= -istio.io/client-go v1.29.0-alpha.0.0.20260203144345-f7e8ad2c325c/go.mod h1:7OTHYXbM2ryELtJgZO0EQwj/Km5SLXXjw1rcUnyT2xo= -istio.io/istio v0.0.0-20260203202247-15986c2fb5c9 h1:kRePhZeAVPyye5+DzGIdzXr6hJFt1c4eEaH5S4VCGeU= -istio.io/istio v0.0.0-20260203202247-15986c2fb5c9/go.mod h1:lHThkl98hX1TGwzXS5deIIodQH+F4ope60WercPCL4w= +istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337 h1:fTa0j3yQhp5RohEaAaGB+DiXWX6EEq4CGcrcvU+9Sao= +istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 h1:S3ger4fZHVuV61d9HKwUksc2y1vQhtyu4zgVr0lD03M= +istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06/go.mod h1:NHEtxuW56GL/RuXXE6NLdzrBURs++EyIp2WSsL9Fpe8= +istio.io/istio v0.0.0-20260205013346-1389e271c972 h1:6i7sySiQ0SGm5IT1f2kpC8lDqcT6fEZILUDFGTZp53k= +istio.io/istio v0.0.0-20260205013346-1389e271c972/go.mod h1:lHThkl98hX1TGwzXS5deIIodQH+F4ope60WercPCL4w= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 865981e00..296d7397e 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.15986c2f - - name: v1.30-alpha.15986c2f - version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + ref: v1.30-alpha.1389e271 + - name: v1.30-alpha.1389e271 + version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 repo: https://github.com/istio/istio branch: master - commit: 15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + commit: 1389e271c97279124d66a8798af0011f52c2be58 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f/helm/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz diff --git a/resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag new file mode 100644 index 000000000..6de656ad4 --- /dev/null +++ b/resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag @@ -0,0 +1 @@ +d6963b85dbd3c7218faa54addb5ed323 diff --git a/resources/v1.30-alpha.15986c2f/charts/base/Chart.yaml b/resources/v1.30-alpha.1389e271/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.15986c2f/charts/base/Chart.yaml rename to resources/v1.30-alpha.1389e271/charts/base/Chart.yaml index 17d80514b..0dc9298b1 100644 --- a/resources/v1.30-alpha.15986c2f/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.1389e271/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 diff --git a/resources/v1.30-alpha.15986c2f/charts/base/README.md b/resources/v1.30-alpha.1389e271/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/README.md rename to resources/v1.30-alpha.1389e271/charts/base/README.md diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.1389e271/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.1389e271/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.1389e271/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.1389e271/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.1389e271/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.1389e271/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.1389e271/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.1389e271/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/base/values.yaml b/resources/v1.30-alpha.1389e271/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/base/values.yaml rename to resources/v1.30-alpha.1389e271/charts/base/values.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/Chart.yaml b/resources/v1.30-alpha.1389e271/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.15986c2f/charts/cni/Chart.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/Chart.yaml index 33dab1059..c7d0c1859 100644 --- a/resources/v1.30-alpha.15986c2f/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.1389e271/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/README.md b/resources/v1.30-alpha.1389e271/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/README.md rename to resources/v1.30-alpha.1389e271/charts/cni/README.md diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.1389e271/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.1389e271/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.1389e271/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.1389e271/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.1389e271/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.1389e271/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/cni/values.yaml b/resources/v1.30-alpha.1389e271/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.15986c2f/charts/cni/values.yaml rename to resources/v1.30-alpha.1389e271/charts/cni/values.yaml index a22f30a2a..f3d074e74 100644 --- a/resources/v1.30-alpha.15986c2f/charts/cni/values.yaml +++ b/resources/v1.30-alpha.1389e271/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/Chart.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.15986c2f/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/Chart.yaml index d372c165f..8c9647c5b 100644 --- a/resources/v1.30-alpha.15986c2f/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.1389e271/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/README.md b/resources/v1.30-alpha.1389e271/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/README.md rename to resources/v1.30-alpha.1389e271/charts/gateway/README.md diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.1389e271/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.1389e271/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/values.schema.json b/resources/v1.30-alpha.1389e271/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/values.schema.json rename to resources/v1.30-alpha.1389e271/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.15986c2f/charts/gateway/values.yaml b/resources/v1.30-alpha.1389e271/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/gateway/values.yaml rename to resources/v1.30-alpha.1389e271/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/Chart.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.15986c2f/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/Chart.yaml index 7a1a6bb8e..a8b6fcbd1 100644 --- a/resources/v1.30-alpha.15986c2f/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.1389e271/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/README.md b/resources/v1.30-alpha.1389e271/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/README.md rename to resources/v1.30-alpha.1389e271/charts/istiod/README.md diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.1389e271/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.1389e271/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/istiod/values.yaml b/resources/v1.30-alpha.1389e271/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.15986c2f/charts/istiod/values.yaml rename to resources/v1.30-alpha.1389e271/charts/istiod/values.yaml index 9e9a05c71..a6cd711c6 100644 --- a/resources/v1.30-alpha.15986c2f/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.1389e271/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/Chart.yaml index 8e9f8aafc..7b3c660fa 100644 --- a/resources/v1.30-alpha.15986c2f/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.1389e271/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/revisiontags/values.yaml b/resources/v1.30-alpha.1389e271/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.15986c2f/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.1389e271/charts/revisiontags/values.yaml index 9e9a05c71..a6cd711c6 100644 --- a/resources/v1.30-alpha.15986c2f/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.1389e271/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/Chart.yaml index 6897df559..2f4e56e5a 100644 --- a/resources/v1.30-alpha.15986c2f/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.1389e271/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f +version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/README.md b/resources/v1.30-alpha.1389e271/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/README.md rename to resources/v1.30-alpha.1389e271/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.15986c2f/charts/ztunnel/values.yaml b/resources/v1.30-alpha.1389e271/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.15986c2f/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.1389e271/charts/ztunnel/values.yaml index 072075a31..f1d39d9de 100644 --- a/resources/v1.30-alpha.15986c2f/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.1389e271/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f + tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag new file mode 100644 index 000000000..c13d8cfc2 --- /dev/null +++ b/resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag @@ -0,0 +1 @@ +d21337832f39aead68fe4fd7f6c6f3fe diff --git a/resources/v1.30-alpha.1389e271/commit b/resources/v1.30-alpha.1389e271/commit new file mode 100644 index 000000000..fd8547905 --- /dev/null +++ b/resources/v1.30-alpha.1389e271/commit @@ -0,0 +1 @@ +1389e271c97279124d66a8798af0011f52c2be58 diff --git a/resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag new file mode 100644 index 000000000..f59bf1b51 --- /dev/null +++ b/resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag @@ -0,0 +1 @@ +f529094740a64b5e0bb372b79273819f diff --git a/resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag new file mode 100644 index 000000000..66c95488c --- /dev/null +++ b/resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag @@ -0,0 +1 @@ +56aa702a35a5a5272d118d1d590a170b diff --git a/resources/v1.30-alpha.15986c2f/profiles/ambient.yaml b/resources/v1.30-alpha.1389e271/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/ambient.yaml rename to resources/v1.30-alpha.1389e271/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/default.yaml b/resources/v1.30-alpha.1389e271/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/default.yaml rename to resources/v1.30-alpha.1389e271/profiles/default.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/demo.yaml b/resources/v1.30-alpha.1389e271/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/demo.yaml rename to resources/v1.30-alpha.1389e271/profiles/demo.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/empty.yaml b/resources/v1.30-alpha.1389e271/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/empty.yaml rename to resources/v1.30-alpha.1389e271/profiles/empty.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.1389e271/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.1389e271/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/openshift.yaml b/resources/v1.30-alpha.1389e271/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/openshift.yaml rename to resources/v1.30-alpha.1389e271/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/preview.yaml b/resources/v1.30-alpha.1389e271/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/preview.yaml rename to resources/v1.30-alpha.1389e271/profiles/preview.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/remote.yaml b/resources/v1.30-alpha.1389e271/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/remote.yaml rename to resources/v1.30-alpha.1389e271/profiles/remote.yaml diff --git a/resources/v1.30-alpha.15986c2f/profiles/stable.yaml b/resources/v1.30-alpha.1389e271/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.15986c2f/profiles/stable.yaml rename to resources/v1.30-alpha.1389e271/profiles/stable.yaml diff --git a/resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag new file mode 100644 index 000000000..6b4e6f080 --- /dev/null +++ b/resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag @@ -0,0 +1 @@ +adf4a96e3a6a088dd18817ee2ff6ab6e diff --git a/resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag deleted file mode 100644 index f544708f0..000000000 --- a/resources/v1.30-alpha.15986c2f/base-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c1f061b2a9017e59c57e9e9e5c0fb055 diff --git a/resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag deleted file mode 100644 index 58ba53559..000000000 --- a/resources/v1.30-alpha.15986c2f/cni-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -d6a11f45280ff836fff2c3c3e6164883 diff --git a/resources/v1.30-alpha.15986c2f/commit b/resources/v1.30-alpha.15986c2f/commit deleted file mode 100644 index 730662d2c..000000000 --- a/resources/v1.30-alpha.15986c2f/commit +++ /dev/null @@ -1 +0,0 @@ -15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f diff --git a/resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag deleted file mode 100644 index e33364001..000000000 --- a/resources/v1.30-alpha.15986c2f/gateway-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -322dd48750828621e41e50e31e07e0ca diff --git a/resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag deleted file mode 100644 index ed27fe57f..000000000 --- a/resources/v1.30-alpha.15986c2f/istiod-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -e2d8b6970a76ab3c4e24c7c164401ed4 diff --git a/resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag b/resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag deleted file mode 100644 index 753977672..000000000 --- a/resources/v1.30-alpha.15986c2f/ztunnel-1.30-alpha.15986c2fb5c9a42a8c5890c13e1ff7bf13020c2f.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -1fdf43e4bc832708f19a86380970c831 From 1a52091b3c244f28c75752e5c873366b49b979cd Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Fri, 6 Feb 2026 00:44:48 -0500 Subject: [PATCH 29/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1573) Signed-off-by: openshift-service-mesh-bot --- Makefile.core.mk | 2 +- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 - ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 - resources/v1.30-alpha.1389e271/commit | 1 - ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 - ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 - ...1c97279124d66a8798af0011f52c2be58.tgz.etag | 1 - ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 + resources/v1.30-alpha.d9e77b1d/commit | 1 + ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 + ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 + 222 files changed, 93 insertions(+), 93 deletions(-) delete mode 100644 resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag delete mode 100644 resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag delete mode 100644 resources/v1.30-alpha.1389e271/commit delete mode 100644 resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag delete mode 100644 resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag delete mode 100644 resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag create mode 100644 resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/README.md (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag create mode 100644 resources/v1.30-alpha.d9e77b1d/commit create mode 100644 resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag create mode 100644 resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.1389e271 => v1.30-alpha.d9e77b1d}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag diff --git a/Makefile.core.mk b/Makefile.core.mk index a3f963cce..3550f7fea 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -572,7 +572,7 @@ HELM_VERSION ?= v3.20.0 CONTROLLER_TOOLS_VERSION ?= v0.20.0 CONTROLLER_RUNTIME_BRANCH ?= release-0.23 OPM_VERSION ?= v1.63.0 -OLM_VERSION ?= v0.39.0 +OLM_VERSION ?= v0.40.0 GITLEAKS_VERSION ?= v8.30.0 ISTIOCTL_VERSION ?= 1.26.2 RUNME_VERSION ?= 3.16.5 diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index 67dbc8d8f..eceb9e803 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.1389e271 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.d9e77b1d // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 025e38525..cbd6ca3ae 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.1389e271 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.d9e77b1d // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index e034347e5..698d2871f 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.1389e271 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.d9e77b1d Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 6bb013ecb..98e41c3fe 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.1389e271 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.d9e77b1d // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 4c03ba7e9..569a4a643 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.1389e271 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.d9e77b1d // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 18b3f996a..848340342 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-05T05:26:54Z" + createdAt: "2026-02-06T05:26:06Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.1389e271 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_1389e271.cni: gcr.io/istio-testing/install-cni:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 - images.v1_30-alpha_1389e271.istiod: gcr.io/istio-testing/pilot:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 - images.v1_30-alpha_1389e271.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 - images.v1_30-alpha_1389e271.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_d9e77b1d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_d9e77b1d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_d9e77b1d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_d9e77b1d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 74c5c6079..49a51167f 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 0a2080aed..81b8c7af0 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 7282ebfea..a9431057c 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index b400101e7..6ef1375de 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 05f4c3b06..d162b6c63 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index cd8a67704..2ae2e0455 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index c97e12b2f..df418d55d 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 636aec17d..acb31185f 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 59a062642..e858095a3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_1389e271.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 - images.v1_30-alpha_1389e271.istiod: gcr.io/istio-testing/pilot:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 - images.v1_30-alpha_1389e271.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 - images.v1_30-alpha_1389e271.cni: gcr.io/istio-testing/install-cni:1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + images.v1_30-alpha_d9e77b1d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_d9e77b1d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_d9e77b1d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_d9e77b1d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.1389e271 + - v1.30-alpha.d9e77b1d [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 94e82bd20..b82fd7f6d 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.1389e271] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.d9e77b1d] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.1389e271. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.1389e271] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.d9e77b1d] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.1389e271] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.d9e77b1d] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.1389e271] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.d9e77b1d] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.1389e271. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.1389e271] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.d9e77b1d] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 2f91ea8c3..ac7b27505 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 - istio.io/istio v0.0.0-20260205013346-1389e271c972 + istio.io/istio v0.0.0-20260206004748-d9e77b1d2c2b k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index 7f087b1e3..d8e0ae6c9 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337 h1:fTa0j3yQhp5RohEaAa istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 h1:S3ger4fZHVuV61d9HKwUksc2y1vQhtyu4zgVr0lD03M= istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06/go.mod h1:NHEtxuW56GL/RuXXE6NLdzrBURs++EyIp2WSsL9Fpe8= -istio.io/istio v0.0.0-20260205013346-1389e271c972 h1:6i7sySiQ0SGm5IT1f2kpC8lDqcT6fEZILUDFGTZp53k= -istio.io/istio v0.0.0-20260205013346-1389e271c972/go.mod h1:lHThkl98hX1TGwzXS5deIIodQH+F4ope60WercPCL4w= +istio.io/istio v0.0.0-20260206004748-d9e77b1d2c2b h1:+FsCm5e0teyY16nWteUorcx6ytP71fFqFjk9zFwS/ag= +istio.io/istio v0.0.0-20260206004748-d9e77b1d2c2b/go.mod h1:chB5nG8Schg/i9DjAyc3QmiquXbfWDWql7P3bgCETHM= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 296d7397e..8f4eea8f7 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.1389e271 - - name: v1.30-alpha.1389e271 - version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + ref: v1.30-alpha.d9e77b1d + - name: v1.30-alpha.d9e77b1d + version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 repo: https://github.com/istio/istio branch: master - commit: 1389e271c97279124d66a8798af0011f52c2be58 + commit: d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58/helm/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz diff --git a/resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag deleted file mode 100644 index 6de656ad4..000000000 --- a/resources/v1.30-alpha.1389e271/base-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -d6963b85dbd3c7218faa54addb5ed323 diff --git a/resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag deleted file mode 100644 index c13d8cfc2..000000000 --- a/resources/v1.30-alpha.1389e271/cni-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -d21337832f39aead68fe4fd7f6c6f3fe diff --git a/resources/v1.30-alpha.1389e271/commit b/resources/v1.30-alpha.1389e271/commit deleted file mode 100644 index fd8547905..000000000 --- a/resources/v1.30-alpha.1389e271/commit +++ /dev/null @@ -1 +0,0 @@ -1389e271c97279124d66a8798af0011f52c2be58 diff --git a/resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag deleted file mode 100644 index f59bf1b51..000000000 --- a/resources/v1.30-alpha.1389e271/gateway-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -f529094740a64b5e0bb372b79273819f diff --git a/resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag deleted file mode 100644 index 66c95488c..000000000 --- a/resources/v1.30-alpha.1389e271/istiod-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -56aa702a35a5a5272d118d1d590a170b diff --git a/resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag b/resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag deleted file mode 100644 index 6b4e6f080..000000000 --- a/resources/v1.30-alpha.1389e271/ztunnel-1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -adf4a96e3a6a088dd18817ee2ff6ab6e diff --git a/resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag new file mode 100644 index 000000000..0c4954a21 --- /dev/null +++ b/resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag @@ -0,0 +1 @@ +3ef1cc8e7107f6da18290d0aef6baa10 diff --git a/resources/v1.30-alpha.1389e271/charts/base/Chart.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.1389e271/charts/base/Chart.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/Chart.yaml index 0dc9298b1..e53c5a15e 100644 --- a/resources/v1.30-alpha.1389e271/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 diff --git a/resources/v1.30-alpha.1389e271/charts/base/README.md b/resources/v1.30-alpha.d9e77b1d/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/README.md rename to resources/v1.30-alpha.d9e77b1d/charts/base/README.md diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.d9e77b1d/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.d9e77b1d/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/base/values.yaml b/resources/v1.30-alpha.d9e77b1d/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/base/values.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/base/values.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/Chart.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.1389e271/charts/cni/Chart.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/Chart.yaml index c7d0c1859..e8fa41228 100644 --- a/resources/v1.30-alpha.1389e271/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 diff --git a/resources/v1.30-alpha.1389e271/charts/cni/README.md b/resources/v1.30-alpha.d9e77b1d/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/README.md rename to resources/v1.30-alpha.d9e77b1d/charts/cni/README.md diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/cni/values.yaml b/resources/v1.30-alpha.d9e77b1d/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.1389e271/charts/cni/values.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/cni/values.yaml index f3d074e74..f496a308a 100644 --- a/resources/v1.30-alpha.1389e271/charts/cni/values.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/Chart.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.1389e271/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/Chart.yaml index 8c9647c5b..31c55a634 100644 --- a/resources/v1.30-alpha.1389e271/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/README.md b/resources/v1.30-alpha.d9e77b1d/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/README.md rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/README.md diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/values.schema.json b/resources/v1.30-alpha.d9e77b1d/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/values.schema.json rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.1389e271/charts/gateway/values.yaml b/resources/v1.30-alpha.d9e77b1d/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/gateway/values.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/Chart.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.1389e271/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/Chart.yaml index a8b6fcbd1..ba11785e0 100644 --- a/resources/v1.30-alpha.1389e271/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/README.md b/resources/v1.30-alpha.d9e77b1d/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/README.md rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/README.md diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/istiod/values.yaml b/resources/v1.30-alpha.d9e77b1d/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.1389e271/charts/istiod/values.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/istiod/values.yaml index a6cd711c6..f4ba17640 100644 --- a/resources/v1.30-alpha.1389e271/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/Chart.yaml index 7b3c660fa..0917d45e1 100644 --- a/resources/v1.30-alpha.1389e271/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/revisiontags/values.yaml b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.1389e271/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/revisiontags/values.yaml index a6cd711c6..f4ba17640 100644 --- a/resources/v1.30-alpha.1389e271/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/Chart.yaml index 2f4e56e5a..0d0c62b5e 100644 --- a/resources/v1.30-alpha.1389e271/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 +version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/README.md b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/README.md rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.1389e271/charts/ztunnel/values.yaml b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.1389e271/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.d9e77b1d/charts/ztunnel/values.yaml index f1d39d9de..b13d1dc40 100644 --- a/resources/v1.30-alpha.1389e271/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.1389e271c97279124d66a8798af0011f52c2be58 + tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag new file mode 100644 index 000000000..c95759665 --- /dev/null +++ b/resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag @@ -0,0 +1 @@ +fb2757a6d7b437fb39f14e8bd48ad769 diff --git a/resources/v1.30-alpha.d9e77b1d/commit b/resources/v1.30-alpha.d9e77b1d/commit new file mode 100644 index 000000000..7e7f92758 --- /dev/null +++ b/resources/v1.30-alpha.d9e77b1d/commit @@ -0,0 +1 @@ +d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 diff --git a/resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag new file mode 100644 index 000000000..2d665192d --- /dev/null +++ b/resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag @@ -0,0 +1 @@ +bfc1b5a7f4494e660ac0936b4b18768b diff --git a/resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag new file mode 100644 index 000000000..42743d793 --- /dev/null +++ b/resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag @@ -0,0 +1 @@ +fbca13b9574b0b615766efcfce1c2411 diff --git a/resources/v1.30-alpha.1389e271/profiles/ambient.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/default.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/default.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/default.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/demo.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/demo.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/demo.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/empty.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/empty.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/empty.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/openshift.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/openshift.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/preview.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/preview.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/preview.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/remote.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/remote.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/remote.yaml diff --git a/resources/v1.30-alpha.1389e271/profiles/stable.yaml b/resources/v1.30-alpha.d9e77b1d/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.1389e271/profiles/stable.yaml rename to resources/v1.30-alpha.d9e77b1d/profiles/stable.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag new file mode 100644 index 000000000..dbb91075c --- /dev/null +++ b/resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag @@ -0,0 +1 @@ +677f1934959ad0eba93d0eb106c89ed9 From 300100105eeaf900290a630a279b477929b8d151 Mon Sep 17 00:00:00 2001 From: Aslak Knutsen Date: Fri, 6 Feb 2026 13:08:49 +0100 Subject: [PATCH 30/40] refactor: extract shared reconciliation logic into pkg/reconcile (#1572) * refactor: extract shared reconciliation logic into pkg/reconcile Move validation, Helm installation, and image digest logic from individual controllers into a shared pkg/reconcile package. This enables code reuse between operator controllers and (future) the install library, ensuring the same code path is used regardless of deployment mode. Changes: - Add pkg/reconcile with IstiodReconciler, CNIReconciler, ZTunnelReconciler - Each reconciler provides ValidateSpec(), Validate(), Install(), Uninstall() - Export ApplyCNIImageDigests() and ApplyZTunnelImageDigests() for reuse - Refactor IstioRevision, IstioCNI, ZTunnel controllers to delegate to shared reconcilers - Update controller tests to use shared reconcilers Design decisions: - Two-tier validation: ValidateSpec() for basic checks, Validate() for K8s API checks (supports library usage without K8s client) - Controller-agnostic error messages (e.g., "version not set" instead of "spec.version not set") Co-authored-by: Cursor noreply@cursor.com Signed-off-by: Aslak Knutsen * refactor(validation): consolidate validation and move CRD-specific checks to controller The validation was awkwardly split between ValidateSpec (no client) and Validate (with client), but both paths actually need a client. This refactoring creates a cleaner separation: - General validations (version/namespace/values checks, target namespace exists) remain in pkg/reconcile - CRD-specific validations (revision name consistency, IstioRevisionTag conflict) move to the controller level Changes: - Remove ValidateSpec from IstiodReconciler, CNIReconciler, ZTunnelReconciler - Collapse validation into single Validate function that always requires client - Add validateRevisionConsistency and validateNoTagConflict to controller - Update tests to reflect new validation structure This enables library consumers to use pkg/reconcile without needing to implement operator-specific validation logic. Signed-off-by: Aslak Knutsen * refactor(reconcile): use GetChartPath helper and tidy up exports Replace inline path.Join(version, "charts", ...) calls with the existing GetChartPath helper across all three reconcilers. Unexport getReleaseName since it's only used within istiod.go. Move GetChartPath and its test to common.go/common_test.go (renamed from types.go) since it's shared across packages. Signed-off-by: Aslak Knutsen --------- Signed-off-by: Aslak Knutsen --- controllers/istiocni/istiocni_controller.go | 110 ++--------- .../istiocni/istiocni_controller_test.go | 18 +- .../istiorevision/istiorevision_controller.go | 121 +++++------- .../istiorevision_controller_test.go | 41 +++- controllers/ztunnel/ztunnel_controller.go | 115 ++--------- .../ztunnel/ztunnel_controller_test.go | 16 +- pkg/reconcile/cni.go | 158 +++++++++++++++ pkg/reconcile/cni_test.go | 183 ++++++++++++++++++ pkg/reconcile/common.go | 51 +++++ pkg/reconcile/common_test.go | 47 +++++ pkg/reconcile/istiod.go | 138 +++++++++++++ pkg/reconcile/istiod_test.go | 155 +++++++++++++++ pkg/reconcile/ztunnel.go | 166 ++++++++++++++++ pkg/reconcile/ztunnel_test.go | 183 ++++++++++++++++++ 14 files changed, 1218 insertions(+), 284 deletions(-) create mode 100644 pkg/reconcile/cni.go create mode 100644 pkg/reconcile/cni_test.go create mode 100644 pkg/reconcile/common.go create mode 100644 pkg/reconcile/common_test.go create mode 100644 pkg/reconcile/istiod.go create mode 100644 pkg/reconcile/istiod_test.go create mode 100644 pkg/reconcile/ztunnel.go create mode 100644 pkg/reconcile/ztunnel_test.go diff --git a/controllers/istiocni/istiocni_controller.go b/controllers/istiocni/istiocni_controller.go index db9aaef78..f679ce1a0 100644 --- a/controllers/istiocni/istiocni_controller.go +++ b/controllers/istiocni/istiocni_controller.go @@ -18,7 +18,6 @@ import ( "context" "errors" "fmt" - "path" "reflect" "github.com/go-logr/logr" @@ -28,12 +27,10 @@ import ( "github.com/istio-ecosystem/sail-operator/pkg/enqueuelogger" "github.com/istio-ecosystem/sail-operator/pkg/errlist" "github.com/istio-ecosystem/sail-operator/pkg/helm" - "github.com/istio-ecosystem/sail-operator/pkg/istiovalues" - "github.com/istio-ecosystem/sail-operator/pkg/istioversion" "github.com/istio-ecosystem/sail-operator/pkg/kube" "github.com/istio-ecosystem/sail-operator/pkg/predicate" + sharedreconcile "github.com/istio-ecosystem/sail-operator/pkg/reconcile" "github.com/istio-ecosystem/sail-operator/pkg/reconciler" - "github.com/istio-ecosystem/sail-operator/pkg/validation" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" @@ -53,11 +50,6 @@ import ( "istio.io/istio/pkg/ptr" ) -const ( - cniReleaseName = "istio-cni" - cniChartName = "cni" -) - // Reconciler reconciles an IstioCNI object type Reconciler struct { client.Client @@ -107,33 +99,19 @@ func (r *Reconciler) Reconcile(ctx context.Context, cni *v1.IstioCNI) (ctrl.Resu } func (r *Reconciler) Finalize(ctx context.Context, cni *v1.IstioCNI) error { - return r.uninstallHelmChart(ctx, cni) + cniReconciler := r.newCNIReconciler() + return cniReconciler.Uninstall(ctx, cni.Spec.Namespace) } func (r *Reconciler) doReconcile(ctx context.Context, cni *v1.IstioCNI) error { log := logf.FromContext(ctx) - if err := r.validate(ctx, cni); err != nil { - return err - } - - log.Info("Installing Helm chart") - return r.installHelmChart(ctx, cni) -} + cniReconciler := r.newCNIReconciler() -func (r *Reconciler) validate(ctx context.Context, cni *v1.IstioCNI) error { - if cni.Spec.Version == "" { - return reconciler.NewValidationError("spec.version not set") - } - if cni.Spec.Namespace == "" { - return reconciler.NewValidationError("spec.namespace not set") - } - if err := validation.ValidateTargetNamespace(ctx, r.Client, cni.Spec.Namespace); err != nil { + if err := cniReconciler.Validate(ctx, cni.Spec.Version, cni.Spec.Namespace); err != nil { return err } - return nil -} -func (r *Reconciler) installHelmChart(ctx context.Context, cni *v1.IstioCNI) error { + log.Info("Installing Helm chart") ownerReference := metav1.OwnerReference{ APIVersion: v1.GroupVersion.String(), Kind: v1.IstioCNIKind, @@ -142,75 +120,17 @@ func (r *Reconciler) installHelmChart(ctx context.Context, cni *v1.IstioCNI) err Controller: ptr.Of(true), BlockOwnerDeletion: ptr.Of(true), } - - version, err := istioversion.Resolve(cni.Spec.Version) - if err != nil { - return fmt.Errorf("failed to resolve IstioCNI version for %q: %w", cni.Name, err) - } - - // get userValues from Istio.spec.values - userValues := cni.Spec.Values - - // apply image digests from configuration, if not already set by user - userValues = applyImageDigests(version, userValues, config.Config) - - // apply vendor-specific default values - userValues, err = istiovalues.ApplyIstioCNIVendorDefaults(version, userValues) - if err != nil { - return fmt.Errorf("failed to apply vendor defaults: %w", err) - } - - // apply userValues on top of defaultValues from profiles - mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform( - r.Config.ResourceFS, version, r.Config.Platform, r.Config.DefaultProfile, cni.Spec.Profile, helm.FromValues(userValues)) - if err != nil { - return fmt.Errorf("failed to apply profile: %w", err) - } - - _, err = r.ChartManager.UpgradeOrInstallChart( - ctx, r.Config.ResourceFS, r.getChartPath(version), mergedHelmValues, cni.Spec.Namespace, cniReleaseName, &ownerReference) - if err != nil { - return fmt.Errorf("failed to install/update Helm chart %q: %w", cniChartName, err) - } - return nil + return cniReconciler.Install(ctx, cni.Spec.Version, cni.Spec.Namespace, cni.Spec.Values, cni.Spec.Profile, &ownerReference) } -func (r *Reconciler) getChartPath(version string) string { - return path.Join(version, "charts", cniChartName) -} - -func applyImageDigests(version string, values *v1.CNIValues, config config.OperatorConfig) *v1.CNIValues { - imageDigests, digestsDefined := config.ImageDigests[version] - // if we don't have default image digests defined for this version, it's a no-op - if !digestsDefined { - return values - } - - // if a global hub or tag value is configured by the user, don't set image digests - if values != nil && values.Global != nil && (values.Global.Hub != nil || values.Global.Tag != nil) { - return values - } - - if values == nil { - values = &v1.CNIValues{} - } - - // set image digest unless any part of the image has been configured by the user - if values.Cni == nil { - values.Cni = &v1.CNIConfig{} - } - if values.Cni.Image == nil && values.Cni.Hub == nil && values.Cni.Tag == nil { - values.Cni.Image = &imageDigests.CNIImage - } - return values -} - -func (r *Reconciler) uninstallHelmChart(ctx context.Context, cni *v1.IstioCNI) error { - _, err := r.ChartManager.UninstallChart(ctx, cniReleaseName, cni.Spec.Namespace) - if err != nil { - return fmt.Errorf("failed to uninstall Helm chart %q: %w", cniChartName, err) - } - return nil +func (r *Reconciler) newCNIReconciler() *sharedreconcile.CNIReconciler { + return sharedreconcile.NewCNIReconciler(sharedreconcile.Config{ + ResourceFS: r.Config.ResourceFS, + Platform: r.Config.Platform, + DefaultProfile: r.Config.DefaultProfile, + OperatorNamespace: r.Config.OperatorNamespace, + ChartManager: r.ChartManager, + }, r.Client) } // SetupWithManager sets up the controller with the Manager. diff --git a/controllers/istiocni/istiocni_controller_test.go b/controllers/istiocni/istiocni_controller_test.go index ee851d424..041354b3b 100644 --- a/controllers/istiocni/istiocni_controller_test.go +++ b/controllers/istiocni/istiocni_controller_test.go @@ -25,6 +25,7 @@ import ( "github.com/istio-ecosystem/sail-operator/pkg/config" "github.com/istio-ecosystem/sail-operator/pkg/istiovalues" "github.com/istio-ecosystem/sail-operator/pkg/istioversion" + sharedreconcile "github.com/istio-ecosystem/sail-operator/pkg/reconcile" "github.com/istio-ecosystem/sail-operator/pkg/scheme" . "github.com/onsi/gomega" appsv1 "k8s.io/api/apps/v1" @@ -77,7 +78,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.version not set", + expectErr: "version not set", }, { name: "no namespace", @@ -90,7 +91,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.namespace not set", + expectErr: "namespace not set", }, { name: "namespace not found", @@ -111,9 +112,14 @@ func TestValidate(t *testing.T) { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) cl := fake.NewClientBuilder().WithScheme(scheme.Scheme).WithObjects(tc.objects...).Build() - r := NewReconciler(cfg, cl, scheme.Scheme, nil) - - err := r.validate(context.TODO(), tc.cni) + cniReconciler := sharedreconcile.NewCNIReconciler(sharedreconcile.Config{ + ResourceFS: cfg.ResourceFS, + Platform: cfg.Platform, + DefaultProfile: cfg.DefaultProfile, + OperatorNamespace: cfg.OperatorNamespace, + }, cl) + + err := cniReconciler.Validate(context.TODO(), tc.cni.Spec.Version, tc.cni.Spec.Namespace) if tc.expectErr == "" { g.Expect(err).ToNot(HaveOccurred()) } else { @@ -496,7 +502,7 @@ func TestApplyImageDigests(t *testing.T) { if err != nil { t.Errorf("failed to resolve IstioCNI version for %q: %v", tc.input.Name, err) } - result := applyImageDigests(version, tc.input.Spec.Values, tc.config) + result := sharedreconcile.ApplyCNIImageDigests(version, tc.input.Spec.Values, tc.config) if diff := cmp.Diff(tc.expectValues, result); diff != "" { t.Errorf("unexpected merge result; diff (-expected, +actual):\n%v", diff) } diff --git a/controllers/istiorevision/istiorevision_controller.go b/controllers/istiorevision/istiorevision_controller.go index c1f786e54..b54b55eb5 100644 --- a/controllers/istiorevision/istiorevision_controller.go +++ b/controllers/istiorevision/istiorevision_controller.go @@ -18,7 +18,6 @@ import ( "context" "errors" "fmt" - "path" "reflect" "regexp" @@ -31,6 +30,7 @@ import ( "github.com/istio-ecosystem/sail-operator/pkg/helm" "github.com/istio-ecosystem/sail-operator/pkg/kube" predicate2 "github.com/istio-ecosystem/sail-operator/pkg/predicate" + sharedreconcile "github.com/istio-ecosystem/sail-operator/pkg/reconcile" "github.com/istio-ecosystem/sail-operator/pkg/reconciler" "github.com/istio-ecosystem/sail-operator/pkg/revision" "github.com/istio-ecosystem/sail-operator/pkg/validation" @@ -115,57 +115,22 @@ func (r *Reconciler) Reconcile(ctx context.Context, rev *v1.IstioRevision) (ctrl func (r *Reconciler) doReconcile(ctx context.Context, rev *v1.IstioRevision) error { log := logf.FromContext(ctx) - if err := r.validate(ctx, rev); err != nil { - return err - } - - log.Info("Installing Helm chart") - return r.installHelmCharts(ctx, rev) -} - -func (r *Reconciler) Finalize(ctx context.Context, rev *v1.IstioRevision) error { - return r.uninstallHelmCharts(ctx, rev) -} + istiodReconciler := r.newIstiodReconciler() -func (r *Reconciler) validate(ctx context.Context, rev *v1.IstioRevision) error { - if rev.Spec.Version == "" { - return reconciler.NewValidationError("spec.version not set") - } - if rev.Spec.Namespace == "" { - return reconciler.NewValidationError("spec.namespace not set") - } - if err := validation.ValidateTargetNamespace(ctx, r.Client, rev.Spec.Namespace); err != nil { + // CRD-specific validations + if err := r.validateRevisionConsistency(rev); err != nil { return err } - - if rev.Spec.Values == nil { - return reconciler.NewValidationError("spec.values not set") - } - - revName := rev.Spec.Values.Revision - if rev.Name == v1.DefaultRevision && (revName != nil && *revName != "") { - return reconciler.NewValidationError(fmt.Sprintf("spec.values.revision must be \"\" when IstioRevision name is %s", v1.DefaultRevision)) - } else if rev.Name != v1.DefaultRevision && (revName == nil || *revName != rev.Name) { - return reconciler.NewValidationError("spec.values.revision does not match IstioRevision name") - } - - if rev.Spec.Values.Global == nil || rev.Spec.Values.Global.IstioNamespace == nil || *rev.Spec.Values.Global.IstioNamespace != rev.Spec.Namespace { - return reconciler.NewValidationError("spec.values.global.istioNamespace does not match spec.namespace") + if err := r.validateNoTagConflict(ctx, rev); err != nil { + return err } - tag := v1.IstioRevisionTag{} - if err := r.Client.Get(ctx, types.NamespacedName{Name: rev.Name}, &tag); err == nil { - if validation.ResourceTakesPrecedence(&tag.ObjectMeta, &rev.ObjectMeta) { - return reconciler.NewNameAlreadyExistsError("an IstioRevisionTag exists with this name", nil) - } - } else if !apierrors.IsNotFound(err) { + // General validations + if err := istiodReconciler.Validate(ctx, rev.Spec.Version, rev.Spec.Namespace, rev.Spec.Values); err != nil { return err } - return nil -} - -func (r *Reconciler) installHelmCharts(ctx context.Context, rev *v1.IstioRevision) error { + log.Info("Installing Helm chart") ownerReference := metav1.OwnerReference{ APIVersion: v1.GroupVersion.String(), Kind: v1.IstioRevisionKind, @@ -174,39 +139,55 @@ func (r *Reconciler) installHelmCharts(ctx context.Context, rev *v1.IstioRevisio Controller: ptr.Of(true), BlockOwnerDeletion: ptr.Of(true), } - - values := helm.FromValues(rev.Spec.Values) - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.Config.ResourceFS, r.getChartPath(rev, constants.IstiodChartName), - values, rev.Spec.Namespace, getReleaseName(rev, constants.IstiodChartName), &ownerReference) - if err != nil { - return fmt.Errorf("failed to install/update Helm chart %q: %w", constants.IstiodChartName, err) - } - if rev.Name == v1.DefaultRevision { - _, err := r.ChartManager.UpgradeOrInstallChart(ctx, r.Config.ResourceFS, r.getChartPath(rev, constants.BaseChartName), - values, r.Config.OperatorNamespace, getReleaseName(rev, constants.BaseChartName), &ownerReference) - if err != nil { - return fmt.Errorf("failed to install/update Helm chart %q: %w", constants.BaseChartName, err) - } - } - return nil + return istiodReconciler.Install(ctx, rev.Spec.Version, rev.Spec.Namespace, rev.Spec.Values, rev.Name, &ownerReference) } -func getReleaseName(rev *v1.IstioRevision, chartName string) string { - return fmt.Sprintf("%s-%s", rev.Name, chartName) +func (r *Reconciler) Finalize(ctx context.Context, rev *v1.IstioRevision) error { + istiodReconciler := r.newIstiodReconciler() + return istiodReconciler.Uninstall(ctx, rev.Spec.Namespace, rev.Name) } -func (r *Reconciler) getChartPath(rev *v1.IstioRevision, chartName string) string { - return path.Join(rev.Spec.Version, "charts", chartName) +func (r *Reconciler) newIstiodReconciler() *sharedreconcile.IstiodReconciler { + return sharedreconcile.NewIstiodReconciler(sharedreconcile.Config{ + ResourceFS: r.Config.ResourceFS, + Platform: r.Config.Platform, + DefaultProfile: r.Config.DefaultProfile, + OperatorNamespace: r.Config.OperatorNamespace, + ChartManager: r.ChartManager, + }, r.Client) } -func (r *Reconciler) uninstallHelmCharts(ctx context.Context, rev *v1.IstioRevision) error { - if _, err := r.ChartManager.UninstallChart(ctx, getReleaseName(rev, constants.IstiodChartName), rev.Spec.Namespace); err != nil { - return fmt.Errorf("failed to uninstall Helm chart %q: %w", constants.IstiodChartName, err) +// validateRevisionConsistency validates that the IstioRevision CR fields are consistent +// with the Helm values. This is CRD-specific validation. +func (r *Reconciler) validateRevisionConsistency(rev *v1.IstioRevision) error { + values := rev.Spec.Values + if values == nil { + return nil // values nil check is done in general validation + } + + // Validate revision name consistency + revName := values.Revision + if rev.Name == v1.DefaultRevision && (revName != nil && *revName != "") { + return reconciler.NewValidationError(fmt.Sprintf("values.revision must be \"\" when revision name is %s", v1.DefaultRevision)) + } else if rev.Name != v1.DefaultRevision && (revName == nil || *revName != rev.Name) { + return reconciler.NewValidationError("values.revision does not match revision name") + } + + // Validate namespace consistency + if values.Global == nil || values.Global.IstioNamespace == nil || *values.Global.IstioNamespace != rev.Spec.Namespace { + return reconciler.NewValidationError("values.global.istioNamespace does not match namespace") } - if rev.Name == v1.DefaultRevision { - _, err := r.ChartManager.UninstallChart(ctx, getReleaseName(rev, constants.BaseChartName), r.Config.OperatorNamespace) - if err != nil { - return fmt.Errorf("failed to uninstall Helm chart %q: %w", constants.BaseChartName, err) + + return nil +} + +// validateNoTagConflict checks that no IstioRevisionTag exists with the same name +// as this IstioRevision. This is CRD-specific validation. +func (r *Reconciler) validateNoTagConflict(ctx context.Context, rev *v1.IstioRevision) error { + tag := v1.IstioRevisionTag{} + if err := r.Client.Get(ctx, types.NamespacedName{Name: rev.Name}, &tag); err == nil { + if validation.ResourceTakesPrecedence(&tag.ObjectMeta, &rev.ObjectMeta) { + return reconciler.NewNameAlreadyExistsError("an IstioRevisionTag exists with this name", nil) } } return nil diff --git a/controllers/istiorevision/istiorevision_controller_test.go b/controllers/istiorevision/istiorevision_controller_test.go index 598f6c4e0..3dad5ee09 100644 --- a/controllers/istiorevision/istiorevision_controller_test.go +++ b/controllers/istiorevision/istiorevision_controller_test.go @@ -25,6 +25,7 @@ import ( "github.com/istio-ecosystem/sail-operator/pkg/config" "github.com/istio-ecosystem/sail-operator/pkg/constants" "github.com/istio-ecosystem/sail-operator/pkg/istioversion" + sharedreconcile "github.com/istio-ecosystem/sail-operator/pkg/reconcile" "github.com/istio-ecosystem/sail-operator/pkg/scheme" . "github.com/onsi/gomega" admissionv1 "k8s.io/api/admissionregistration/v1" @@ -87,7 +88,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.version not set", + expectErr: "version not set", }, { name: "no namespace", @@ -100,7 +101,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.namespace not set", + expectErr: "namespace not set", }, { name: "namespace not found", @@ -111,6 +112,11 @@ func TestValidate(t *testing.T) { Spec: v1.IstioRevisionSpec{ Version: istioversion.Default, Namespace: "istio-system", + Values: &v1.Values{ + Global: &v1.GlobalConfig{ + IstioNamespace: ptr.Of("istio-system"), + }, + }, }, }, objects: []client.Object{}, @@ -128,7 +134,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.values not set", + expectErr: "values not set", }, { name: "invalid istioNamespace", @@ -147,7 +153,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.values.global.istioNamespace does not match spec.namespace", + expectErr: "values.global.istioNamespace does not match namespace", }, { name: "invalid revision default", @@ -167,7 +173,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: `spec.values.revision must be "" when IstioRevision name is default`, + expectErr: `values.revision must be "" when revision name is default`, }, { name: "invalid revision non-default", @@ -187,16 +193,35 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: `spec.values.revision does not match IstioRevision name`, + expectErr: `values.revision does not match revision name`, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) cl := fake.NewClientBuilder().WithScheme(scheme.Scheme).WithObjects(tc.objects...).Build() - r := NewReconciler(cfg, cl, scheme.Scheme, nil) - err := r.validate(context.TODO(), tc.rev) + // Create controller reconciler for CRD-specific validations + reconciler := &Reconciler{ + Client: cl, + Config: cfg, + } + + // Run CRD-specific validations (same order as doReconcile) + var err error + if err = reconciler.validateRevisionConsistency(tc.rev); err == nil { + if err = reconciler.validateNoTagConflict(context.TODO(), tc.rev); err == nil { + // Run general validations + istiodReconciler := sharedreconcile.NewIstiodReconciler(sharedreconcile.Config{ + ResourceFS: cfg.ResourceFS, + Platform: cfg.Platform, + DefaultProfile: cfg.DefaultProfile, + OperatorNamespace: cfg.OperatorNamespace, + }, cl) + err = istiodReconciler.Validate(context.TODO(), tc.rev.Spec.Version, tc.rev.Spec.Namespace, tc.rev.Spec.Values) + } + } + if tc.expectErr == "" { g.Expect(err).ToNot(HaveOccurred()) } else { diff --git a/controllers/ztunnel/ztunnel_controller.go b/controllers/ztunnel/ztunnel_controller.go index 710802982..c8b07d0a9 100644 --- a/controllers/ztunnel/ztunnel_controller.go +++ b/controllers/ztunnel/ztunnel_controller.go @@ -18,7 +18,6 @@ import ( "context" "errors" "fmt" - "path" "reflect" "github.com/go-logr/logr" @@ -29,12 +28,10 @@ import ( "github.com/istio-ecosystem/sail-operator/pkg/enqueuelogger" "github.com/istio-ecosystem/sail-operator/pkg/errlist" "github.com/istio-ecosystem/sail-operator/pkg/helm" - "github.com/istio-ecosystem/sail-operator/pkg/istiovalues" - "github.com/istio-ecosystem/sail-operator/pkg/istioversion" "github.com/istio-ecosystem/sail-operator/pkg/kube" "github.com/istio-ecosystem/sail-operator/pkg/predicate" + sharedreconcile "github.com/istio-ecosystem/sail-operator/pkg/reconcile" "github.com/istio-ecosystem/sail-operator/pkg/reconciler" - "github.com/istio-ecosystem/sail-operator/pkg/validation" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" @@ -61,11 +58,6 @@ type Reconciler struct { ChartManager *helm.ChartManager } -const ( - ztunnelChart = "ztunnel" - defaultProfile = "ambient" -) - func NewReconciler(cfg config.ReconcilerConfig, client client.Client, scheme *runtime.Scheme, chartManager *helm.ChartManager) *Reconciler { return &Reconciler{ Config: cfg, @@ -101,33 +93,19 @@ func (r *Reconciler) Reconcile(ctx context.Context, ztunnel *v1.ZTunnel) (ctrl.R } func (r *Reconciler) Finalize(ctx context.Context, ztunnel *v1.ZTunnel) error { - return r.uninstallHelmChart(ctx, ztunnel) + ztunnelReconciler := r.newZTunnelReconciler() + return ztunnelReconciler.Uninstall(ctx, ztunnel.Spec.Namespace) } func (r *Reconciler) doReconcile(ctx context.Context, ztunnel *v1.ZTunnel) error { log := logf.FromContext(ctx) - if err := r.validate(ctx, ztunnel); err != nil { - return err - } - - log.Info("Installing ztunnel Helm chart") - return r.installHelmChart(ctx, ztunnel) -} + ztunnelReconciler := r.newZTunnelReconciler() -func (r *Reconciler) validate(ctx context.Context, ztunnel *v1.ZTunnel) error { - if ztunnel.Spec.Version == "" { - return reconciler.NewValidationError("spec.version not set") - } - if ztunnel.Spec.Namespace == "" { - return reconciler.NewValidationError("spec.namespace not set") - } - if err := validation.ValidateTargetNamespace(ctx, r.Client, ztunnel.Spec.Namespace); err != nil { + if err := ztunnelReconciler.Validate(ctx, ztunnel.Spec.Version, ztunnel.Spec.Namespace); err != nil { return err } - return nil -} -func (r *Reconciler) installHelmChart(ctx context.Context, ztunnel *v1.ZTunnel) error { + log.Info("Installing ztunnel Helm chart") ownerReference := metav1.OwnerReference{ APIVersion: v1.GroupVersion.String(), Kind: v1.ZTunnelKind, @@ -136,80 +114,17 @@ func (r *Reconciler) installHelmChart(ctx context.Context, ztunnel *v1.ZTunnel) Controller: ptr.Of(true), BlockOwnerDeletion: ptr.Of(true), } - - version, err := istioversion.Resolve(ztunnel.Spec.Version) - if err != nil { - return fmt.Errorf("failed to resolve Ztunnel version for %q: %w", ztunnel.Name, err) - } - // get userValues from ztunnel.spec.values - userValues := ztunnel.Spec.Values - if userValues == nil { - userValues = &v1.ZTunnelValues{} - } - - // apply image digests from configuration, if not already set by user - userValues = applyImageDigests(version, userValues, config.Config) - - // apply userValues on top of defaultValues from profiles - mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform( - r.Config.ResourceFS, version, r.Config.Platform, r.Config.DefaultProfile, defaultProfile, helm.FromValues(userValues)) - if err != nil { - return fmt.Errorf("failed to apply profile: %w", err) - } - - // Apply any user Overrides configured as part of values.ztunnel - // This step was not required for the IstioCNI resource because the Helm templates[*] automatically override values.cni - // [*]https://github.com/istio/istio/blob/0200fd0d4c3963a72f36987c2e8c2887df172abf/manifests/charts/istio-cni/templates/zzy_descope_legacy.yaml#L3 - // However, ztunnel charts do not have such a file, hence we are manually applying the mergeOperation here. - finalHelmValues, err := istiovalues.ApplyUserValues(helm.FromValues(mergedHelmValues), helm.FromValues(userValues.ZTunnel)) - if err != nil { - return fmt.Errorf("failed to apply user overrides: %w", err) - } - - _, err = r.ChartManager.UpgradeOrInstallChart( - ctx, r.Config.ResourceFS, r.getChartPath(version), finalHelmValues, ztunnel.Spec.Namespace, ztunnelChart, &ownerReference) - if err != nil { - return fmt.Errorf("failed to install/update Helm chart %q: %w", ztunnelChart, err) - } - return nil + return ztunnelReconciler.Install(ctx, ztunnel.Spec.Version, ztunnel.Spec.Namespace, ztunnel.Spec.Values, &ownerReference) } -func (r *Reconciler) getChartPath(version string) string { - return path.Join(version, "charts", ztunnelChart) -} - -func applyImageDigests(version string, values *v1.ZTunnelValues, config config.OperatorConfig) *v1.ZTunnelValues { - imageDigests, digestsDefined := config.ImageDigests[version] - // if we don't have default image digests defined for this version, it's a no-op - if !digestsDefined { - return values - } - - // if a global hub or tag value is configured by the user, don't set image digests - if values != nil && values.Global != nil && (values.Global.Hub != nil || values.Global.Tag != nil) { - return values - } - - if values == nil { - values = &v1.ZTunnelValues{} - } - - // set image digest unless any part of the image has been configured by the user - if values.ZTunnel == nil { - values.ZTunnel = &v1.ZTunnelConfig{} - } - if values.ZTunnel.Image == nil && values.ZTunnel.Hub == nil && values.ZTunnel.Tag == nil { - values.ZTunnel.Image = &imageDigests.ZTunnelImage - } - return values -} - -func (r *Reconciler) uninstallHelmChart(ctx context.Context, ztunnel *v1.ZTunnel) error { - _, err := r.ChartManager.UninstallChart(ctx, ztunnelChart, ztunnel.Spec.Namespace) - if err != nil { - return fmt.Errorf("failed to uninstall Helm chart %q: %w", ztunnelChart, err) - } - return nil +func (r *Reconciler) newZTunnelReconciler() *sharedreconcile.ZTunnelReconciler { + return sharedreconcile.NewZTunnelReconciler(sharedreconcile.Config{ + ResourceFS: r.Config.ResourceFS, + Platform: r.Config.Platform, + DefaultProfile: r.Config.DefaultProfile, + OperatorNamespace: r.Config.OperatorNamespace, + ChartManager: r.ChartManager, + }, r.Client) } // SetupWithManager sets up the controller with the Manager. diff --git a/controllers/ztunnel/ztunnel_controller_test.go b/controllers/ztunnel/ztunnel_controller_test.go index df879ac68..6e41b4eb1 100644 --- a/controllers/ztunnel/ztunnel_controller_test.go +++ b/controllers/ztunnel/ztunnel_controller_test.go @@ -25,6 +25,7 @@ import ( v1 "github.com/istio-ecosystem/sail-operator/api/v1" "github.com/istio-ecosystem/sail-operator/pkg/config" "github.com/istio-ecosystem/sail-operator/pkg/istioversion" + sharedreconcile "github.com/istio-ecosystem/sail-operator/pkg/reconcile" "github.com/istio-ecosystem/sail-operator/pkg/scheme" . "github.com/onsi/gomega" appsv1 "k8s.io/api/apps/v1" @@ -81,7 +82,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.version not set", + expectErr: "version not set", }, { name: "no namespace", @@ -94,7 +95,7 @@ func TestValidate(t *testing.T) { }, }, objects: []client.Object{ns}, - expectErr: "spec.namespace not set", + expectErr: "namespace not set", }, { name: "namespace not found", @@ -139,9 +140,14 @@ func TestValidate(t *testing.T) { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) cl := fake.NewClientBuilder().WithScheme(scheme.Scheme).WithObjects(tc.objects...).Build() - r := NewReconciler(cfg, cl, scheme.Scheme, nil) + ztunnelReconciler := sharedreconcile.NewZTunnelReconciler(sharedreconcile.Config{ + ResourceFS: cfg.ResourceFS, + Platform: cfg.Platform, + DefaultProfile: cfg.DefaultProfile, + OperatorNamespace: cfg.OperatorNamespace, + }, cl) - err := r.validate(context.TODO(), tc.ztunnel) + err := ztunnelReconciler.Validate(context.TODO(), tc.ztunnel.Spec.Version, tc.ztunnel.Spec.Namespace) if tc.expectErr == "" { g.Expect(err).ToNot(HaveOccurred()) } else { @@ -519,7 +525,7 @@ func TestApplyImageDigests(t *testing.T) { } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - result := applyImageDigests(tc.input.Spec.Version, tc.input.Spec.Values, tc.config) + result := sharedreconcile.ApplyZTunnelImageDigests(tc.input.Spec.Version, tc.input.Spec.Values, tc.config) if diff := cmp.Diff(tc.expectValues, result); diff != "" { t.Errorf("unexpected merge result; diff (-expected, +actual):\n%v", diff) } diff --git a/pkg/reconcile/cni.go b/pkg/reconcile/cni.go new file mode 100644 index 000000000..e86f51922 --- /dev/null +++ b/pkg/reconcile/cni.go @@ -0,0 +1,158 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reconcile + +import ( + "context" + "fmt" + + v1 "github.com/istio-ecosystem/sail-operator/api/v1" + "github.com/istio-ecosystem/sail-operator/pkg/config" + "github.com/istio-ecosystem/sail-operator/pkg/helm" + "github.com/istio-ecosystem/sail-operator/pkg/istiovalues" + "github.com/istio-ecosystem/sail-operator/pkg/istioversion" + "github.com/istio-ecosystem/sail-operator/pkg/reconciler" + "github.com/istio-ecosystem/sail-operator/pkg/validation" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + cniReleaseName = "istio-cni" + cniChartName = "cni" +) + +// CNIReconciler handles reconciliation of the istio-cni component. +type CNIReconciler struct { + cfg Config + client client.Client +} + +// NewCNIReconciler creates a new CNIReconciler. +func NewCNIReconciler(cfg Config, client client.Client) *CNIReconciler { + return &CNIReconciler{ + cfg: cfg, + client: client, + } +} + +// Validate performs general validation of the CNI specification. +// This includes basic field validation and Kubernetes API checks (namespace exists). +func (r *CNIReconciler) Validate(ctx context.Context, version, namespace string) error { + if version == "" { + return reconciler.NewValidationError("version not set") + } + if namespace == "" { + return reconciler.NewValidationError("namespace not set") + } + + // Validate target namespace exists + if err := validation.ValidateTargetNamespace(ctx, r.client, namespace); err != nil { + return err + } + + return nil +} + +// ComputeValues computes the final Helm values by applying digests, vendor defaults, and profiles. +func (r *CNIReconciler) ComputeValues(version string, userValues *v1.CNIValues, profile string) (helm.Values, error) { + resolvedVersion, err := istioversion.Resolve(version) + if err != nil { + return nil, fmt.Errorf("failed to resolve CNI version: %w", err) + } + + // Apply image digests from configuration, if not already set by user + userValues = ApplyCNIImageDigests(resolvedVersion, userValues, config.Config) + + // Apply vendor-specific default values + userValues, err = istiovalues.ApplyIstioCNIVendorDefaults(resolvedVersion, userValues) + if err != nil { + return nil, fmt.Errorf("failed to apply vendor defaults: %w", err) + } + + // Apply userValues on top of defaultValues from profiles + mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform( + r.cfg.ResourceFS, resolvedVersion, r.cfg.Platform, r.cfg.DefaultProfile, profile, helm.FromValues(userValues)) + if err != nil { + return nil, fmt.Errorf("failed to apply profile: %w", err) + } + + return mergedHelmValues, nil +} + +// Install installs or upgrades the istio-cni Helm chart. +func (r *CNIReconciler) Install(ctx context.Context, version, namespace string, values *v1.CNIValues, profile string, ownerRef *metav1.OwnerReference) error { + mergedHelmValues, err := r.ComputeValues(version, values, profile) + if err != nil { + return err + } + + resolvedVersion, err := istioversion.Resolve(version) + if err != nil { + return fmt.Errorf("failed to resolve CNI version: %w", err) + } + + chartPath := GetChartPath(resolvedVersion, cniChartName) + _, err = r.cfg.ChartManager.UpgradeOrInstallChart( + ctx, + r.cfg.ResourceFS, + chartPath, + mergedHelmValues, + namespace, + cniReleaseName, + ownerRef, + ) + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", cniChartName, err) + } + return nil +} + +// Uninstall removes the istio-cni Helm chart. +func (r *CNIReconciler) Uninstall(ctx context.Context, namespace string) error { + _, err := r.cfg.ChartManager.UninstallChart(ctx, cniReleaseName, namespace) + if err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", cniChartName, err) + } + return nil +} + +// ApplyCNIImageDigests applies image digests to CNI values if not already set by user. +// This function is exported for use by the controller and library. +func ApplyCNIImageDigests(version string, values *v1.CNIValues, cfg config.OperatorConfig) *v1.CNIValues { + imageDigests, digestsDefined := cfg.ImageDigests[version] + // if we don't have default image digests defined for this version, it's a no-op + if !digestsDefined { + return values + } + + // if a global hub or tag value is configured by the user, don't set image digests + if values != nil && values.Global != nil && (values.Global.Hub != nil || values.Global.Tag != nil) { + return values + } + + if values == nil { + values = &v1.CNIValues{} + } + + // set image digest unless any part of the image has been configured by the user + if values.Cni == nil { + values.Cni = &v1.CNIConfig{} + } + if values.Cni.Image == nil && values.Cni.Hub == nil && values.Cni.Tag == nil { + values.Cni.Image = &imageDigests.CNIImage + } + return values +} diff --git a/pkg/reconcile/cni_test.go b/pkg/reconcile/cni_test.go new file mode 100644 index 000000000..5a62022d3 --- /dev/null +++ b/pkg/reconcile/cni_test.go @@ -0,0 +1,183 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reconcile + +import ( + "context" + "testing" + + v1 "github.com/istio-ecosystem/sail-operator/api/v1" + "github.com/istio-ecosystem/sail-operator/pkg/config" + "github.com/istio-ecosystem/sail-operator/pkg/reconciler" + "github.com/istio-ecosystem/sail-operator/pkg/scheme" + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "istio.io/istio/pkg/ptr" +) + +func TestCNIReconciler_Validate(t *testing.T) { + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "istio-system", + }, + } + + tests := []struct { + name string + version string + namespace string + nsExists bool + wantErr bool + errContains string + }{ + { + name: "missing version", + version: "", + namespace: "istio-system", + nsExists: true, + wantErr: true, + errContains: "version not set", + }, + { + name: "missing namespace", + version: "v1.24.0", + namespace: "", + nsExists: true, + wantErr: true, + errContains: "namespace not set", + }, + { + name: "namespace not found", + version: "v1.24.0", + namespace: "istio-system", + nsExists: false, + wantErr: true, + errContains: `namespace "istio-system" doesn't exist`, + }, + { + name: "valid", + version: "v1.24.0", + namespace: "istio-system", + nsExists: true, + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + clientBuilder := fake.NewClientBuilder().WithScheme(scheme.Scheme) + if tt.nsExists { + clientBuilder = clientBuilder.WithObjects(ns) + } + cl := clientBuilder.Build() + + r := NewCNIReconciler(Config{}, cl) + err := r.Validate(context.Background(), tt.version, tt.namespace) + + if tt.wantErr { + assert.Error(t, err) + assert.True(t, reconciler.IsValidationError(err), "expected validation error") + if tt.errContains != "" { + assert.Contains(t, err.Error(), tt.errContains) + } + } else { + assert.NoError(t, err) + } + }) + } +} + +func TestApplyCNIImageDigests(t *testing.T) { + tests := []struct { + name string + version string + values *v1.CNIValues + config config.OperatorConfig + expected *v1.CNIValues + }{ + { + name: "no digests defined", + version: "v1.24.0", + values: nil, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{}, + }, + expected: nil, + }, + { + name: "applies digest when values is nil", + version: "v1.24.0", + values: nil, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{ + "v1.24.0": {CNIImage: "istio/cni@sha256:abc123"}, + }, + }, + expected: &v1.CNIValues{ + Cni: &v1.CNIConfig{ + Image: ptr.Of("istio/cni@sha256:abc123"), + }, + }, + }, + { + name: "does not override user-set global hub", + version: "v1.24.0", + values: &v1.CNIValues{ + Global: &v1.CNIGlobalConfig{ + Hub: ptr.Of("my-registry.io"), + }, + }, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{ + "v1.24.0": {CNIImage: "istio/cni@sha256:abc123"}, + }, + }, + expected: &v1.CNIValues{ + Global: &v1.CNIGlobalConfig{ + Hub: ptr.Of("my-registry.io"), + }, + }, + }, + { + name: "does not override user-set image", + version: "v1.24.0", + values: &v1.CNIValues{ + Cni: &v1.CNIConfig{ + Image: ptr.Of("my-custom-image"), + }, + }, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{ + "v1.24.0": {CNIImage: "istio/cni@sha256:abc123"}, + }, + }, + expected: &v1.CNIValues{ + Cni: &v1.CNIConfig{ + Image: ptr.Of("my-custom-image"), + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := ApplyCNIImageDigests(tt.version, tt.values, tt.config) + assert.Equal(t, tt.expected, result) + }) + } +} diff --git a/pkg/reconcile/common.go b/pkg/reconcile/common.go new file mode 100644 index 000000000..047cc835a --- /dev/null +++ b/pkg/reconcile/common.go @@ -0,0 +1,51 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package reconcile provides shared reconciliation logic for Istio components. +// It is used by both the operator controllers and the install library to ensure +// consistent behavior across different deployment modes. +package reconcile + +import ( + "io/fs" + "path" + + "github.com/istio-ecosystem/sail-operator/pkg/config" + "github.com/istio-ecosystem/sail-operator/pkg/helm" +) + +// Config holds configuration needed for component reconciliation. +// It contains all the dependencies required by reconcilers to validate, +// compute values, and install Helm charts. +type Config struct { + // ResourceFS is the filesystem containing Istio charts and profiles + ResourceFS fs.FS + + // Platform is the target Kubernetes platform (e.g., OpenShift, vanilla Kubernetes) + Platform config.Platform + + // DefaultProfile is the base profile applied before user-selected profiles + DefaultProfile string + + // OperatorNamespace is the namespace where the operator is running + OperatorNamespace string + + // ChartManager handles Helm chart installation and upgrades + ChartManager *helm.ChartManager +} + +// GetChartPath returns the path to a chart for a given version. +func GetChartPath(version, chartName string) string { + return path.Join(version, "charts", chartName) +} diff --git a/pkg/reconcile/common_test.go b/pkg/reconcile/common_test.go new file mode 100644 index 000000000..f2f7f3dc2 --- /dev/null +++ b/pkg/reconcile/common_test.go @@ -0,0 +1,47 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reconcile + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestGetChartPath(t *testing.T) { + tests := []struct { + version string + chartName string + expected string + }{ + { + version: "v1.24.0", + chartName: "istiod", + expected: "v1.24.0/charts/istiod", + }, + { + version: "v1.23.0", + chartName: "base", + expected: "v1.23.0/charts/base", + }, + } + + for _, tt := range tests { + t.Run(tt.version+"-"+tt.chartName, func(t *testing.T) { + result := GetChartPath(tt.version, tt.chartName) + assert.Equal(t, tt.expected, result) + }) + } +} diff --git a/pkg/reconcile/istiod.go b/pkg/reconcile/istiod.go new file mode 100644 index 000000000..752b91f6a --- /dev/null +++ b/pkg/reconcile/istiod.go @@ -0,0 +1,138 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reconcile + +import ( + "context" + "fmt" + + v1 "github.com/istio-ecosystem/sail-operator/api/v1" + "github.com/istio-ecosystem/sail-operator/pkg/constants" + "github.com/istio-ecosystem/sail-operator/pkg/helm" + "github.com/istio-ecosystem/sail-operator/pkg/reconciler" + "github.com/istio-ecosystem/sail-operator/pkg/validation" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// IstiodReconciler handles reconciliation of the istiod component. +type IstiodReconciler struct { + cfg Config + client client.Client +} + +// NewIstiodReconciler creates a new IstiodReconciler. +func NewIstiodReconciler(cfg Config, client client.Client) *IstiodReconciler { + return &IstiodReconciler{ + cfg: cfg, + client: client, + } +} + +// Validate performs general validation of the istiod specification. +// This includes basic field validation and Kubernetes API checks (namespace exists). +// CRD-specific validations (revision name consistency, IstioRevisionTag conflicts) +// should be performed by the controller before calling this method. +func (r *IstiodReconciler) Validate(ctx context.Context, version, namespace string, values *v1.Values) error { + if version == "" { + return reconciler.NewValidationError("version not set") + } + if namespace == "" { + return reconciler.NewValidationError("namespace not set") + } + if values == nil { + return reconciler.NewValidationError("values not set") + } + + // Validate target namespace exists + if err := validation.ValidateTargetNamespace(ctx, r.client, namespace); err != nil { + return err + } + + return nil +} + +// Install installs or upgrades the istiod Helm charts. +func (r *IstiodReconciler) Install( + ctx context.Context, + version, namespace string, + values *v1.Values, + revisionName string, + ownerRef *metav1.OwnerReference, +) error { + helmValues := helm.FromValues(values) + + // Install istiod chart + istiodChartPath := GetChartPath(version, constants.IstiodChartName) + istiodReleaseName := getReleaseName(revisionName, constants.IstiodChartName) + + _, err := r.cfg.ChartManager.UpgradeOrInstallChart( + ctx, + r.cfg.ResourceFS, + istiodChartPath, + helmValues, + namespace, + istiodReleaseName, + ownerRef, + ) + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", constants.IstiodChartName, err) + } + + // Install base chart for default revision + if revisionName == v1.DefaultRevision { + baseChartPath := GetChartPath(version, constants.BaseChartName) + baseReleaseName := getReleaseName(revisionName, constants.BaseChartName) + + _, err := r.cfg.ChartManager.UpgradeOrInstallChart( + ctx, + r.cfg.ResourceFS, + baseChartPath, + helmValues, + r.cfg.OperatorNamespace, + baseReleaseName, + ownerRef, + ) + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", constants.BaseChartName, err) + } + } + + return nil +} + +// Uninstall removes the istiod Helm charts. +func (r *IstiodReconciler) Uninstall(ctx context.Context, namespace, revisionName string) error { + // Uninstall istiod chart + istiodReleaseName := getReleaseName(revisionName, constants.IstiodChartName) + if _, err := r.cfg.ChartManager.UninstallChart(ctx, istiodReleaseName, namespace); err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", constants.IstiodChartName, err) + } + + // Uninstall base chart for default revision + if revisionName == v1.DefaultRevision { + baseReleaseName := getReleaseName(revisionName, constants.BaseChartName) + if _, err := r.cfg.ChartManager.UninstallChart(ctx, baseReleaseName, r.cfg.OperatorNamespace); err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", constants.BaseChartName, err) + } + } + + return nil +} + +// getReleaseName returns the Helm release name for a given revision and chart. +func getReleaseName(revisionName, chartName string) string { + return fmt.Sprintf("%s-%s", revisionName, chartName) +} diff --git a/pkg/reconcile/istiod_test.go b/pkg/reconcile/istiod_test.go new file mode 100644 index 000000000..4f7185856 --- /dev/null +++ b/pkg/reconcile/istiod_test.go @@ -0,0 +1,155 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reconcile + +import ( + "context" + "testing" + + v1 "github.com/istio-ecosystem/sail-operator/api/v1" + "github.com/istio-ecosystem/sail-operator/pkg/reconciler" + "github.com/istio-ecosystem/sail-operator/pkg/scheme" + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "istio.io/istio/pkg/ptr" +) + +func TestIstiodReconciler_Validate(t *testing.T) { + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "istio-system", + }, + } + + tests := []struct { + name string + version string + namespace string + values *v1.Values + nsExists bool + wantErr bool + errContains string + }{ + { + name: "missing version", + version: "", + namespace: "istio-system", + values: &v1.Values{}, + nsExists: true, + wantErr: true, + errContains: "version not set", + }, + { + name: "missing namespace", + version: "v1.24.0", + namespace: "", + values: &v1.Values{}, + nsExists: true, + wantErr: true, + errContains: "namespace not set", + }, + { + name: "missing values", + version: "v1.24.0", + namespace: "istio-system", + values: nil, + nsExists: true, + wantErr: true, + errContains: "values not set", + }, + { + name: "namespace not found", + version: "v1.24.0", + namespace: "istio-system", + values: &v1.Values{ + Global: &v1.GlobalConfig{ + IstioNamespace: ptr.Of("istio-system"), + }, + }, + nsExists: false, + wantErr: true, + errContains: `namespace "istio-system" doesn't exist`, + }, + { + name: "valid", + version: "v1.24.0", + namespace: "istio-system", + values: &v1.Values{ + Global: &v1.GlobalConfig{ + IstioNamespace: ptr.Of("istio-system"), + }, + }, + nsExists: true, + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + clientBuilder := fake.NewClientBuilder().WithScheme(scheme.Scheme) + if tt.nsExists { + clientBuilder = clientBuilder.WithObjects(ns) + } + cl := clientBuilder.Build() + + r := NewIstiodReconciler(Config{}, cl) + err := r.Validate(context.Background(), tt.version, tt.namespace, tt.values) + + if tt.wantErr { + assert.Error(t, err) + assert.True(t, reconciler.IsValidationError(err), "expected validation error") + if tt.errContains != "" { + assert.Contains(t, err.Error(), tt.errContains) + } + } else { + assert.NoError(t, err) + } + }) + } +} + +func Test_getReleaseName(t *testing.T) { + tests := []struct { + revisionName string + chartName string + expected string + }{ + { + revisionName: "default", + chartName: "istiod", + expected: "default-istiod", + }, + { + revisionName: "canary", + chartName: "istiod", + expected: "canary-istiod", + }, + { + revisionName: "default", + chartName: "base", + expected: "default-base", + }, + } + + for _, tt := range tests { + t.Run(tt.revisionName+"-"+tt.chartName, func(t *testing.T) { + result := getReleaseName(tt.revisionName, tt.chartName) + assert.Equal(t, tt.expected, result) + }) + } +} diff --git a/pkg/reconcile/ztunnel.go b/pkg/reconcile/ztunnel.go new file mode 100644 index 000000000..11712279e --- /dev/null +++ b/pkg/reconcile/ztunnel.go @@ -0,0 +1,166 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reconcile + +import ( + "context" + "fmt" + + v1 "github.com/istio-ecosystem/sail-operator/api/v1" + "github.com/istio-ecosystem/sail-operator/pkg/config" + "github.com/istio-ecosystem/sail-operator/pkg/helm" + "github.com/istio-ecosystem/sail-operator/pkg/istiovalues" + "github.com/istio-ecosystem/sail-operator/pkg/istioversion" + "github.com/istio-ecosystem/sail-operator/pkg/reconciler" + "github.com/istio-ecosystem/sail-operator/pkg/validation" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + ztunnelReleaseName = "ztunnel" + ztunnelChartName = "ztunnel" + ztunnelProfile = "ambient" +) + +// ZTunnelReconciler handles reconciliation of the ztunnel component. +type ZTunnelReconciler struct { + cfg Config + client client.Client +} + +// NewZTunnelReconciler creates a new ZTunnelReconciler. +func NewZTunnelReconciler(cfg Config, client client.Client) *ZTunnelReconciler { + return &ZTunnelReconciler{ + cfg: cfg, + client: client, + } +} + +// Validate performs general validation of the ZTunnel specification. +// This includes basic field validation and Kubernetes API checks (namespace exists). +func (r *ZTunnelReconciler) Validate(ctx context.Context, version, namespace string) error { + if version == "" { + return reconciler.NewValidationError("version not set") + } + if namespace == "" { + return reconciler.NewValidationError("namespace not set") + } + + // Validate target namespace exists + if err := validation.ValidateTargetNamespace(ctx, r.client, namespace); err != nil { + return err + } + + return nil +} + +// ComputeValues computes the final Helm values by applying digests, profiles, and user overrides. +func (r *ZTunnelReconciler) ComputeValues(version string, userValues *v1.ZTunnelValues) (helm.Values, error) { + resolvedVersion, err := istioversion.Resolve(version) + if err != nil { + return nil, fmt.Errorf("failed to resolve ZTunnel version: %w", err) + } + + if userValues == nil { + userValues = &v1.ZTunnelValues{} + } + + // Apply image digests from configuration, if not already set by user + userValues = ApplyZTunnelImageDigests(resolvedVersion, userValues, config.Config) + + // Apply userValues on top of defaultValues from profiles + mergedHelmValues, err := istiovalues.ApplyProfilesAndPlatform( + r.cfg.ResourceFS, resolvedVersion, r.cfg.Platform, r.cfg.DefaultProfile, ztunnelProfile, helm.FromValues(userValues)) + if err != nil { + return nil, fmt.Errorf("failed to apply profile: %w", err) + } + + // Apply any user Overrides configured as part of values.ztunnel + // This step was not required for the IstioCNI resource because the Helm templates[*] automatically override values.cni + // [*]https://github.com/istio/istio/blob/0200fd0d4c3963a72f36987c2e8c2887df172abf/manifests/charts/istio-cni/templates/zzy_descope_legacy.yaml#L3 + // However, ztunnel charts do not have such a file, hence we are manually applying the mergeOperation here. + finalHelmValues, err := istiovalues.ApplyUserValues(helm.FromValues(mergedHelmValues), helm.FromValues(userValues.ZTunnel)) + if err != nil { + return nil, fmt.Errorf("failed to apply user overrides: %w", err) + } + + return finalHelmValues, nil +} + +// Install installs or upgrades the ztunnel Helm chart. +func (r *ZTunnelReconciler) Install(ctx context.Context, version, namespace string, values *v1.ZTunnelValues, ownerRef *metav1.OwnerReference) error { + finalHelmValues, err := r.ComputeValues(version, values) + if err != nil { + return err + } + + resolvedVersion, err := istioversion.Resolve(version) + if err != nil { + return fmt.Errorf("failed to resolve ZTunnel version: %w", err) + } + + chartPath := GetChartPath(resolvedVersion, ztunnelChartName) + _, err = r.cfg.ChartManager.UpgradeOrInstallChart( + ctx, + r.cfg.ResourceFS, + chartPath, + finalHelmValues, + namespace, + ztunnelReleaseName, + ownerRef, + ) + if err != nil { + return fmt.Errorf("failed to install/update Helm chart %q: %w", ztunnelChartName, err) + } + return nil +} + +// Uninstall removes the ztunnel Helm chart. +func (r *ZTunnelReconciler) Uninstall(ctx context.Context, namespace string) error { + _, err := r.cfg.ChartManager.UninstallChart(ctx, ztunnelReleaseName, namespace) + if err != nil { + return fmt.Errorf("failed to uninstall Helm chart %q: %w", ztunnelChartName, err) + } + return nil +} + +// ApplyZTunnelImageDigests applies image digests to ZTunnel values if not already set by user. +// This function is exported for use by the controller and library. +func ApplyZTunnelImageDigests(version string, values *v1.ZTunnelValues, cfg config.OperatorConfig) *v1.ZTunnelValues { + imageDigests, digestsDefined := cfg.ImageDigests[version] + // if we don't have default image digests defined for this version, it's a no-op + if !digestsDefined { + return values + } + + // if a global hub or tag value is configured by the user, don't set image digests + if values != nil && values.Global != nil && (values.Global.Hub != nil || values.Global.Tag != nil) { + return values + } + + if values == nil { + values = &v1.ZTunnelValues{} + } + + // set image digest unless any part of the image has been configured by the user + if values.ZTunnel == nil { + values.ZTunnel = &v1.ZTunnelConfig{} + } + if values.ZTunnel.Image == nil && values.ZTunnel.Hub == nil && values.ZTunnel.Tag == nil { + values.ZTunnel.Image = &imageDigests.ZTunnelImage + } + return values +} diff --git a/pkg/reconcile/ztunnel_test.go b/pkg/reconcile/ztunnel_test.go new file mode 100644 index 000000000..d0164c71a --- /dev/null +++ b/pkg/reconcile/ztunnel_test.go @@ -0,0 +1,183 @@ +// Copyright Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reconcile + +import ( + "context" + "testing" + + v1 "github.com/istio-ecosystem/sail-operator/api/v1" + "github.com/istio-ecosystem/sail-operator/pkg/config" + "github.com/istio-ecosystem/sail-operator/pkg/reconciler" + "github.com/istio-ecosystem/sail-operator/pkg/scheme" + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "istio.io/istio/pkg/ptr" +) + +func TestZTunnelReconciler_Validate(t *testing.T) { + ns := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "istio-system", + }, + } + + tests := []struct { + name string + version string + namespace string + nsExists bool + wantErr bool + errContains string + }{ + { + name: "missing version", + version: "", + namespace: "istio-system", + nsExists: true, + wantErr: true, + errContains: "version not set", + }, + { + name: "missing namespace", + version: "v1.24.0", + namespace: "", + nsExists: true, + wantErr: true, + errContains: "namespace not set", + }, + { + name: "namespace not found", + version: "v1.24.0", + namespace: "istio-system", + nsExists: false, + wantErr: true, + errContains: `namespace "istio-system" doesn't exist`, + }, + { + name: "valid", + version: "v1.24.0", + namespace: "istio-system", + nsExists: true, + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + clientBuilder := fake.NewClientBuilder().WithScheme(scheme.Scheme) + if tt.nsExists { + clientBuilder = clientBuilder.WithObjects(ns) + } + cl := clientBuilder.Build() + + r := NewZTunnelReconciler(Config{}, cl) + err := r.Validate(context.Background(), tt.version, tt.namespace) + + if tt.wantErr { + assert.Error(t, err) + assert.True(t, reconciler.IsValidationError(err), "expected validation error") + if tt.errContains != "" { + assert.Contains(t, err.Error(), tt.errContains) + } + } else { + assert.NoError(t, err) + } + }) + } +} + +func TestApplyZTunnelImageDigests(t *testing.T) { + tests := []struct { + name string + version string + values *v1.ZTunnelValues + config config.OperatorConfig + expected *v1.ZTunnelValues + }{ + { + name: "no digests defined", + version: "v1.24.0", + values: nil, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{}, + }, + expected: nil, + }, + { + name: "applies digest when values is nil", + version: "v1.24.0", + values: nil, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{ + "v1.24.0": {ZTunnelImage: "istio/ztunnel@sha256:abc123"}, + }, + }, + expected: &v1.ZTunnelValues{ + ZTunnel: &v1.ZTunnelConfig{ + Image: ptr.Of("istio/ztunnel@sha256:abc123"), + }, + }, + }, + { + name: "does not override user-set global hub", + version: "v1.24.0", + values: &v1.ZTunnelValues{ + Global: &v1.ZTunnelGlobalConfig{ + Hub: ptr.Of("my-registry.io"), + }, + }, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{ + "v1.24.0": {ZTunnelImage: "istio/ztunnel@sha256:abc123"}, + }, + }, + expected: &v1.ZTunnelValues{ + Global: &v1.ZTunnelGlobalConfig{ + Hub: ptr.Of("my-registry.io"), + }, + }, + }, + { + name: "does not override user-set image", + version: "v1.24.0", + values: &v1.ZTunnelValues{ + ZTunnel: &v1.ZTunnelConfig{ + Image: ptr.Of("my-custom-image"), + }, + }, + config: config.OperatorConfig{ + ImageDigests: map[string]config.IstioImageConfig{ + "v1.24.0": {ZTunnelImage: "istio/ztunnel@sha256:abc123"}, + }, + }, + expected: &v1.ZTunnelValues{ + ZTunnel: &v1.ZTunnelConfig{ + Image: ptr.Of("my-custom-image"), + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := ApplyZTunnelImageDigests(tt.version, tt.values, tt.config) + assert.Equal(t, tt.expected, result) + }) + } +} From 360205ef037fd0c38aa40be1d0c1435fe6a0f891 Mon Sep 17 00:00:00 2001 From: Aslak Knutsen Date: Fri, 6 Feb 2026 18:01:50 +0100 Subject: [PATCH 31/40] feat(helm): add RenderChart functions for template rendering (#1575) Adds RenderChart() and RenderLoadedChart() to render Helm chart templates without cluster access. This enables extracting resource types from charts for watch setup in the install library. Co-authored-by: Cursor noreply@cursor.com Signed-off-by: Aslak Knutsen --- pkg/helm/fsloader.go | 39 +++++++++++++++++++++++++++++++++++++++ pkg/helm/fsloader_test.go | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/pkg/helm/fsloader.go b/pkg/helm/fsloader.go index af95c94bb..b382e2cef 100644 --- a/pkg/helm/fsloader.go +++ b/pkg/helm/fsloader.go @@ -21,6 +21,8 @@ import ( "helm.sh/helm/v3/pkg/chart" chartLoader "helm.sh/helm/v3/pkg/chart/loader" + "helm.sh/helm/v3/pkg/chartutil" + "helm.sh/helm/v3/pkg/engine" ) // LoadChart loads a Helm chart from an fs.FS at the specified path. @@ -72,3 +74,40 @@ func LoadChart(resourceFS fs.FS, chartPath string) (*chart.Chart, error) { return loadedChart, nil } + +// RenderChart renders a Helm chart's templates with the provided values. +// This does not require cluster access - it's a pure template rendering operation. +// Returns a map of template name to rendered content. +func RenderChart(resourceFS fs.FS, chartPath string, values Values, namespace, releaseName string) (map[string]string, error) { + loadedChart, err := LoadChart(resourceFS, chartPath) + if err != nil { + return nil, fmt.Errorf("failed to load chart: %w", err) + } + + return RenderLoadedChart(loadedChart, values, namespace, releaseName) +} + +// RenderLoadedChart renders an already-loaded chart's templates with the provided values. +// Returns a map of template name to rendered content. +func RenderLoadedChart(loadedChart *chart.Chart, values Values, namespace, releaseName string) (map[string]string, error) { + // Create release options for rendering + options := chartutil.ReleaseOptions{ + Name: releaseName, + Namespace: namespace, + IsInstall: true, + } + + // Merge values with chart defaults + chartValues, err := chartutil.ToRenderValues(loadedChart, values, options, nil) + if err != nil { + return nil, fmt.Errorf("failed to create render values: %w", err) + } + + // Render templates + rendered, err := engine.Render(loadedChart, chartValues) + if err != nil { + return nil, fmt.Errorf("failed to render chart templates: %w", err) + } + + return rendered, nil +} diff --git a/pkg/helm/fsloader_test.go b/pkg/helm/fsloader_test.go index 35d55785e..04947ab85 100644 --- a/pkg/helm/fsloader_test.go +++ b/pkg/helm/fsloader_test.go @@ -15,11 +15,43 @@ package helm import ( + "maps" "os" + "strings" "testing" "testing/fstest" ) +func TestRenderChart(t *testing.T) { + testFS := os.DirFS("testdata") + + t.Run("renders template with values", func(t *testing.T) { + rendered, err := RenderChart(testFS, "chart", Values{"value": "hello"}, "test-ns", "my-release") + if err != nil { + t.Fatalf("expected no error, got: %v", err) + } + + cm, ok := rendered["test-chart/templates/configmap.yaml"] + if !ok { + t.Fatalf("expected configmap template in output, got keys: %v", maps.Keys(rendered)) + } + + if !strings.Contains(cm, "namespace: test-ns") { + t.Errorf("expected namespace 'test-ns' in rendered output, got:\n%s", cm) + } + if !strings.Contains(cm, `value: "hello"`) { + t.Errorf("expected value 'hello' in rendered output, got:\n%s", cm) + } + }) + + t.Run("returns error for missing chart", func(t *testing.T) { + _, err := RenderChart(testFS, "nonexistent", nil, "ns", "rel") + if err == nil { + t.Fatal("expected error for non-existent chart path") + } + }) +} + func TestLoadChart(t *testing.T) { testFS := os.DirFS("testdata") From e07e2a0fee76ed2ee0891124436b7b04b5698c41 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sat, 7 Feb 2026 00:38:49 -0500 Subject: [PATCH 32/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1576) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 + resources/v1.30-alpha.2c4ef39a/commit | 1 + ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 + ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 + ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 - ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 - resources/v1.30-alpha.d9e77b1d/commit | 1 - ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 - ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 - ...d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag | 1 - 221 files changed, 92 insertions(+), 92 deletions(-) create mode 100644 resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/README.md (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag create mode 100644 resources/v1.30-alpha.2c4ef39a/commit create mode 100644 resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag create mode 100644 resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.d9e77b1d => v1.30-alpha.2c4ef39a}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag delete mode 100644 resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag delete mode 100644 resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag delete mode 100644 resources/v1.30-alpha.d9e77b1d/commit delete mode 100644 resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag delete mode 100644 resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag delete mode 100644 resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index eceb9e803..b16ff918d 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.d9e77b1d + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.2c4ef39a // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index cbd6ca3ae..70b825f3c 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.d9e77b1d + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.2c4ef39a // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 698d2871f..1354e08ff 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.d9e77b1d + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.2c4ef39a Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 98e41c3fe..237e0c863 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.d9e77b1d + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.2c4ef39a // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 569a4a643..0ba32ffb7 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.d9e77b1d + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.2c4ef39a // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 848340342..35b58996b 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-06T05:26:06Z" + createdAt: "2026-02-07T05:19:48Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.d9e77b1d + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_d9e77b1d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 - images.v1_30-alpha_d9e77b1d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 - images.v1_30-alpha_d9e77b1d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 - images.v1_30-alpha_d9e77b1d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_2c4ef39a.cni: gcr.io/istio-testing/install-cni:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_2c4ef39a.istiod: gcr.io/istio-testing/pilot:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_2c4ef39a.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_2c4ef39a.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 49a51167f..fd4823535 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 81b8c7af0..7638663e1 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index a9431057c..333073f5f 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 6ef1375de..26fbb9965 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index d162b6c63..0159820ad 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 2ae2e0455..71500fba8 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index df418d55d..103ef0b38 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index acb31185f..2a7e4ced4 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index e858095a3..1a891f0af 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_d9e77b1d.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 - images.v1_30-alpha_d9e77b1d.istiod: gcr.io/istio-testing/pilot:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 - images.v1_30-alpha_d9e77b1d.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 - images.v1_30-alpha_d9e77b1d.cni: gcr.io/istio-testing/install-cni:1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + images.v1_30-alpha_2c4ef39a.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_2c4ef39a.istiod: gcr.io/istio-testing/pilot:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_2c4ef39a.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_2c4ef39a.cni: gcr.io/istio-testing/install-cni:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.d9e77b1d + - v1.30-alpha.2c4ef39a [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index b82fd7f6d..96cc180c7 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.d9e77b1d] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.2c4ef39a] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.d9e77b1d. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.d9e77b1d] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.2c4ef39a] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.d9e77b1d] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.2c4ef39a] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.d9e77b1d] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.2c4ef39a] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.d9e77b1d. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.d9e77b1d] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.2c4ef39a] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index ac7b27505..61730772f 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 - istio.io/istio v0.0.0-20260206004748-d9e77b1d2c2b + istio.io/istio v0.0.0-20260206200950-2c4ef39afcde k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index d8e0ae6c9..cfe9cfa5c 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337 h1:fTa0j3yQhp5RohEaAa istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 h1:S3ger4fZHVuV61d9HKwUksc2y1vQhtyu4zgVr0lD03M= istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06/go.mod h1:NHEtxuW56GL/RuXXE6NLdzrBURs++EyIp2WSsL9Fpe8= -istio.io/istio v0.0.0-20260206004748-d9e77b1d2c2b h1:+FsCm5e0teyY16nWteUorcx6ytP71fFqFjk9zFwS/ag= -istio.io/istio v0.0.0-20260206004748-d9e77b1d2c2b/go.mod h1:chB5nG8Schg/i9DjAyc3QmiquXbfWDWql7P3bgCETHM= +istio.io/istio v0.0.0-20260206200950-2c4ef39afcde h1:zQlM6RJurrwj1sYI9vrZ0YXZhKyBU10Z7+SZj3fPJ4E= +istio.io/istio v0.0.0-20260206200950-2c4ef39afcde/go.mod h1:chB5nG8Schg/i9DjAyc3QmiquXbfWDWql7P3bgCETHM= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 8f4eea8f7..67427aa66 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.d9e77b1d - - name: v1.30-alpha.d9e77b1d - version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + ref: v1.30-alpha.2c4ef39a + - name: v1.30-alpha.2c4ef39a + version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c repo: https://github.com/istio/istio branch: master - commit: d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + commit: 2c4ef39afcdee1515729cd8b16b30ea6ec62078c charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165/helm/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz diff --git a/resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag new file mode 100644 index 000000000..86e91380f --- /dev/null +++ b/resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag @@ -0,0 +1 @@ +0f63fd54a737a955475b2f0bdbf3006f diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/Chart.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.d9e77b1d/charts/base/Chart.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/Chart.yaml index e53c5a15e..75199a55b 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/README.md b/resources/v1.30-alpha.2c4ef39a/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/README.md rename to resources/v1.30-alpha.2c4ef39a/charts/base/README.md diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.2c4ef39a/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.2c4ef39a/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/base/values.yaml b/resources/v1.30-alpha.2c4ef39a/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/base/values.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/base/values.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/Chart.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/Chart.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/Chart.yaml index e8fa41228..d02a24972 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/README.md b/resources/v1.30-alpha.2c4ef39a/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/README.md rename to resources/v1.30-alpha.2c4ef39a/charts/cni/README.md diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/cni/values.yaml b/resources/v1.30-alpha.2c4ef39a/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.d9e77b1d/charts/cni/values.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/cni/values.yaml index f496a308a..556ade9f5 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/cni/values.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/Chart.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/Chart.yaml index 31c55a634..191ab9f26 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/README.md b/resources/v1.30-alpha.2c4ef39a/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/README.md rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/README.md diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/values.schema.json b/resources/v1.30-alpha.2c4ef39a/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/values.schema.json rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.d9e77b1d/charts/gateway/values.yaml b/resources/v1.30-alpha.2c4ef39a/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/gateway/values.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/Chart.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/Chart.yaml index ba11785e0..4923a242d 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/README.md b/resources/v1.30-alpha.2c4ef39a/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/README.md rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/README.md diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/istiod/values.yaml b/resources/v1.30-alpha.2c4ef39a/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.d9e77b1d/charts/istiod/values.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/istiod/values.yaml index f4ba17640..3ffcbae73 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/Chart.yaml index 0917d45e1..c85466a92 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/values.yaml b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.d9e77b1d/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/revisiontags/values.yaml index f4ba17640..3ffcbae73 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/Chart.yaml index 0d0c62b5e..9c9d5d7de 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 +version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/README.md b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/README.md rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/values.yaml b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.d9e77b1d/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.2c4ef39a/charts/ztunnel/values.yaml index b13d1dc40..d7f0f80bd 100644 --- a/resources/v1.30-alpha.d9e77b1d/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 + tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag new file mode 100644 index 000000000..e54fb2c98 --- /dev/null +++ b/resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag @@ -0,0 +1 @@ +18da1108b063d8565766630010ca7c6a diff --git a/resources/v1.30-alpha.2c4ef39a/commit b/resources/v1.30-alpha.2c4ef39a/commit new file mode 100644 index 000000000..840221355 --- /dev/null +++ b/resources/v1.30-alpha.2c4ef39a/commit @@ -0,0 +1 @@ +2c4ef39afcdee1515729cd8b16b30ea6ec62078c diff --git a/resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag new file mode 100644 index 000000000..e4402e0f1 --- /dev/null +++ b/resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag @@ -0,0 +1 @@ +854670fb7f9f769bb67a6c74d67bb070 diff --git a/resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag new file mode 100644 index 000000000..bd94a923f --- /dev/null +++ b/resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag @@ -0,0 +1 @@ +edb5f5f48bc1409dd225e3c8a996d9af diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/ambient.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/default.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/default.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/default.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/demo.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/demo.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/demo.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/empty.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/empty.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/empty.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/openshift.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/openshift.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/preview.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/preview.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/preview.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/remote.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/remote.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/remote.yaml diff --git a/resources/v1.30-alpha.d9e77b1d/profiles/stable.yaml b/resources/v1.30-alpha.2c4ef39a/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.d9e77b1d/profiles/stable.yaml rename to resources/v1.30-alpha.2c4ef39a/profiles/stable.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag new file mode 100644 index 000000000..86506f9ff --- /dev/null +++ b/resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag @@ -0,0 +1 @@ +2fa7f222f8cc76ca8316cff8422ac90d diff --git a/resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag deleted file mode 100644 index 0c4954a21..000000000 --- a/resources/v1.30-alpha.d9e77b1d/base-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -3ef1cc8e7107f6da18290d0aef6baa10 diff --git a/resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag deleted file mode 100644 index c95759665..000000000 --- a/resources/v1.30-alpha.d9e77b1d/cni-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -fb2757a6d7b437fb39f14e8bd48ad769 diff --git a/resources/v1.30-alpha.d9e77b1d/commit b/resources/v1.30-alpha.d9e77b1d/commit deleted file mode 100644 index 7e7f92758..000000000 --- a/resources/v1.30-alpha.d9e77b1d/commit +++ /dev/null @@ -1 +0,0 @@ -d9e77b1d2c2b7f5dc7a05bf41e471399689cc165 diff --git a/resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag deleted file mode 100644 index 2d665192d..000000000 --- a/resources/v1.30-alpha.d9e77b1d/gateway-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -bfc1b5a7f4494e660ac0936b4b18768b diff --git a/resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag deleted file mode 100644 index 42743d793..000000000 --- a/resources/v1.30-alpha.d9e77b1d/istiod-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -fbca13b9574b0b615766efcfce1c2411 diff --git a/resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag b/resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag deleted file mode 100644 index dbb91075c..000000000 --- a/resources/v1.30-alpha.d9e77b1d/ztunnel-1.30-alpha.d9e77b1d2c2b7f5dc7a05bf41e471399689cc165.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -677f1934959ad0eba93d0eb106c89ed9 From 005d930d6c15020cd8dd2d235c113ca1a6b97a29 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Sun, 8 Feb 2026 00:50:50 -0500 Subject: [PATCH 33/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1577) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 2 +- go.sum | 4 +-- pkg/istioversion/versions.yaml | 18 ++++++------ ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 - ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 - resources/v1.30-alpha.2c4ef39a/commit | 1 - ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 - ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 - ...afcdee1515729cd8b16b30ea6ec62078c.tgz.etag | 1 - ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 + resources/v1.30-alpha.a30ad733/commit | 1 + ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 + ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 + 221 files changed, 92 insertions(+), 92 deletions(-) delete mode 100644 resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag delete mode 100644 resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag delete mode 100644 resources/v1.30-alpha.2c4ef39a/commit delete mode 100644 resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag delete mode 100644 resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag delete mode 100644 resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag create mode 100644 resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/README.md (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag create mode 100644 resources/v1.30-alpha.a30ad733/commit create mode 100644 resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag create mode 100644 resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.2c4ef39a => v1.30-alpha.a30ad733}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index b16ff918d..ac3973179 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.2c4ef39a + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a30ad733 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 70b825f3c..5abb6eda9 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.2c4ef39a + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a30ad733 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 1354e08ff..03185e649 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.2c4ef39a + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.a30ad733 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 237e0c863..802a6dbd9 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.2c4ef39a + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a30ad733 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 0ba32ffb7..54f01b50c 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.2c4ef39a + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a30ad733 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 35b58996b..121b0f74a 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-07T05:19:48Z" + createdAt: "2026-02-08T05:32:01Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.2c4ef39a + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_2c4ef39a.cni: gcr.io/istio-testing/install-cni:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c - images.v1_30-alpha_2c4ef39a.istiod: gcr.io/istio-testing/pilot:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c - images.v1_30-alpha_2c4ef39a.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c - images.v1_30-alpha_2c4ef39a.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_a30ad733.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_a30ad733.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_a30ad733.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_a30ad733.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index fd4823535..1e63926cd 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 7638663e1..3faa66e6f 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index 333073f5f..ef12935a4 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 26fbb9965..09f346bb6 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 0159820ad..61871b3bb 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 71500fba8..44ba32d2a 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 103ef0b38..c5660a7c7 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 2a7e4ced4..8d5e2095f 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index 1a891f0af..d103941fe 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_2c4ef39a.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c - images.v1_30-alpha_2c4ef39a.istiod: gcr.io/istio-testing/pilot:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c - images.v1_30-alpha_2c4ef39a.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c - images.v1_30-alpha_2c4ef39a.cni: gcr.io/istio-testing/install-cni:1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + images.v1_30-alpha_a30ad733.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_a30ad733.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_a30ad733.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_a30ad733.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.2c4ef39a + - v1.30-alpha.a30ad733 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 96cc180c7..2e451a1de 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.2c4ef39a] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a30ad733] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.2c4ef39a. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.2c4ef39a] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.a30ad733] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.2c4ef39a] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a30ad733] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.2c4ef39a] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a30ad733] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.2c4ef39a. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.2c4ef39a] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a30ad733] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 61730772f..b297d743b 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 - istio.io/istio v0.0.0-20260206200950-2c4ef39afcde + istio.io/istio v0.0.0-20260208024451-a30ad73344d7 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 diff --git a/go.sum b/go.sum index cfe9cfa5c..2dd88d72a 100644 --- a/go.sum +++ b/go.sum @@ -474,8 +474,8 @@ istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337 h1:fTa0j3yQhp5RohEaAa istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 h1:S3ger4fZHVuV61d9HKwUksc2y1vQhtyu4zgVr0lD03M= istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06/go.mod h1:NHEtxuW56GL/RuXXE6NLdzrBURs++EyIp2WSsL9Fpe8= -istio.io/istio v0.0.0-20260206200950-2c4ef39afcde h1:zQlM6RJurrwj1sYI9vrZ0YXZhKyBU10Z7+SZj3fPJ4E= -istio.io/istio v0.0.0-20260206200950-2c4ef39afcde/go.mod h1:chB5nG8Schg/i9DjAyc3QmiquXbfWDWql7P3bgCETHM= +istio.io/istio v0.0.0-20260208024451-a30ad73344d7 h1:QjIjbK46AhUscVomrrEFiiFq1roN+/3I2hqCauHGO7M= +istio.io/istio v0.0.0-20260208024451-a30ad73344d7/go.mod h1:cVTeU6zOpccSZOT3xFeSPn7G0ySPG/vaP9T0kqgk0Wg= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 67427aa66..c8a2d4dab 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.2c4ef39a - - name: v1.30-alpha.2c4ef39a - version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + ref: v1.30-alpha.a30ad733 + - name: v1.30-alpha.a30ad733 + version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d repo: https://github.com/istio/istio branch: master - commit: 2c4ef39afcdee1515729cd8b16b30ea6ec62078c + commit: a30ad73344d771ce45cba8a1d17b6bb2c209119d charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c/helm/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz diff --git a/resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag deleted file mode 100644 index 86e91380f..000000000 --- a/resources/v1.30-alpha.2c4ef39a/base-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -0f63fd54a737a955475b2f0bdbf3006f diff --git a/resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag deleted file mode 100644 index e54fb2c98..000000000 --- a/resources/v1.30-alpha.2c4ef39a/cni-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -18da1108b063d8565766630010ca7c6a diff --git a/resources/v1.30-alpha.2c4ef39a/commit b/resources/v1.30-alpha.2c4ef39a/commit deleted file mode 100644 index 840221355..000000000 --- a/resources/v1.30-alpha.2c4ef39a/commit +++ /dev/null @@ -1 +0,0 @@ -2c4ef39afcdee1515729cd8b16b30ea6ec62078c diff --git a/resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag deleted file mode 100644 index e4402e0f1..000000000 --- a/resources/v1.30-alpha.2c4ef39a/gateway-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -854670fb7f9f769bb67a6c74d67bb070 diff --git a/resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag deleted file mode 100644 index bd94a923f..000000000 --- a/resources/v1.30-alpha.2c4ef39a/istiod-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -edb5f5f48bc1409dd225e3c8a996d9af diff --git a/resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag b/resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag deleted file mode 100644 index 86506f9ff..000000000 --- a/resources/v1.30-alpha.2c4ef39a/ztunnel-1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -2fa7f222f8cc76ca8316cff8422ac90d diff --git a/resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag new file mode 100644 index 000000000..be95f2797 --- /dev/null +++ b/resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag @@ -0,0 +1 @@ +6a20fbde6cc3450b90a670098b456adb diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/Chart.yaml b/resources/v1.30-alpha.a30ad733/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.2c4ef39a/charts/base/Chart.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/Chart.yaml index 75199a55b..a7b462136 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/README.md b/resources/v1.30-alpha.a30ad733/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/README.md rename to resources/v1.30-alpha.a30ad733/charts/base/README.md diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.a30ad733/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.a30ad733/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.a30ad733/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.a30ad733/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.a30ad733/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/base/values.yaml b/resources/v1.30-alpha.a30ad733/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/base/values.yaml rename to resources/v1.30-alpha.a30ad733/charts/base/values.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/Chart.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/Chart.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/Chart.yaml index d02a24972..e40fc0d22 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/README.md b/resources/v1.30-alpha.a30ad733/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/README.md rename to resources/v1.30-alpha.a30ad733/charts/cni/README.md diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.a30ad733/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.a30ad733/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/cni/values.yaml b/resources/v1.30-alpha.a30ad733/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.2c4ef39a/charts/cni/values.yaml rename to resources/v1.30-alpha.a30ad733/charts/cni/values.yaml index 556ade9f5..c0a7197d3 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/cni/values.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/Chart.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/Chart.yaml index 191ab9f26..0d47c629a 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/README.md b/resources/v1.30-alpha.a30ad733/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/README.md rename to resources/v1.30-alpha.a30ad733/charts/gateway/README.md diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/values.schema.json b/resources/v1.30-alpha.a30ad733/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/values.schema.json rename to resources/v1.30-alpha.a30ad733/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.2c4ef39a/charts/gateway/values.yaml b/resources/v1.30-alpha.a30ad733/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/gateway/values.yaml rename to resources/v1.30-alpha.a30ad733/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/Chart.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/Chart.yaml index 4923a242d..15f25b72b 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/README.md b/resources/v1.30-alpha.a30ad733/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/README.md rename to resources/v1.30-alpha.a30ad733/charts/istiod/README.md diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/istiod/values.yaml b/resources/v1.30-alpha.a30ad733/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.2c4ef39a/charts/istiod/values.yaml rename to resources/v1.30-alpha.a30ad733/charts/istiod/values.yaml index 3ffcbae73..f578cd904 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/Chart.yaml index c85466a92..f212e3bbc 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/values.yaml b/resources/v1.30-alpha.a30ad733/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.2c4ef39a/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.a30ad733/charts/revisiontags/values.yaml index 3ffcbae73..f578cd904 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/Chart.yaml index 9c9d5d7de..0b786478e 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c +version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/README.md b/resources/v1.30-alpha.a30ad733/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/README.md rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/values.yaml b/resources/v1.30-alpha.a30ad733/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.2c4ef39a/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.a30ad733/charts/ztunnel/values.yaml index d7f0f80bd..d0276a72c 100644 --- a/resources/v1.30-alpha.2c4ef39a/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.a30ad733/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.2c4ef39afcdee1515729cd8b16b30ea6ec62078c + tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag new file mode 100644 index 000000000..ef735eef6 --- /dev/null +++ b/resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag @@ -0,0 +1 @@ +fa80969295cb1a10437a7e95e84c2502 diff --git a/resources/v1.30-alpha.a30ad733/commit b/resources/v1.30-alpha.a30ad733/commit new file mode 100644 index 000000000..3dc22795d --- /dev/null +++ b/resources/v1.30-alpha.a30ad733/commit @@ -0,0 +1 @@ +a30ad73344d771ce45cba8a1d17b6bb2c209119d diff --git a/resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag new file mode 100644 index 000000000..91f9f8b2f --- /dev/null +++ b/resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag @@ -0,0 +1 @@ +f0bef15cfa2aeb23cbc1b388c39fa225 diff --git a/resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag new file mode 100644 index 000000000..1ea84ce7e --- /dev/null +++ b/resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag @@ -0,0 +1 @@ +ce979b022d392a5a04ddf431ebe85ceb diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/ambient.yaml b/resources/v1.30-alpha.a30ad733/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/ambient.yaml rename to resources/v1.30-alpha.a30ad733/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/default.yaml b/resources/v1.30-alpha.a30ad733/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/default.yaml rename to resources/v1.30-alpha.a30ad733/profiles/default.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/demo.yaml b/resources/v1.30-alpha.a30ad733/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/demo.yaml rename to resources/v1.30-alpha.a30ad733/profiles/demo.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/empty.yaml b/resources/v1.30-alpha.a30ad733/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/empty.yaml rename to resources/v1.30-alpha.a30ad733/profiles/empty.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.a30ad733/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.a30ad733/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/openshift.yaml b/resources/v1.30-alpha.a30ad733/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/openshift.yaml rename to resources/v1.30-alpha.a30ad733/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/preview.yaml b/resources/v1.30-alpha.a30ad733/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/preview.yaml rename to resources/v1.30-alpha.a30ad733/profiles/preview.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/remote.yaml b/resources/v1.30-alpha.a30ad733/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/remote.yaml rename to resources/v1.30-alpha.a30ad733/profiles/remote.yaml diff --git a/resources/v1.30-alpha.2c4ef39a/profiles/stable.yaml b/resources/v1.30-alpha.a30ad733/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.2c4ef39a/profiles/stable.yaml rename to resources/v1.30-alpha.a30ad733/profiles/stable.yaml diff --git a/resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag new file mode 100644 index 000000000..2306532e9 --- /dev/null +++ b/resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag @@ -0,0 +1 @@ +8b4680d0cd74b577b9d57cf815811b25 From 61bf14893e576e2f671980e6e55ca1fffbe849d7 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Tue, 10 Feb 2026 00:53:11 -0500 Subject: [PATCH 34/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1579) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 ++-- api/v1/istiocni_types.go | 6 ++-- api/v1/istiorevision_types.go | 6 ++-- api/v1/ztunnel_types.go | 6 ++-- api/v1alpha1/ztunnel_types.go | 6 ++-- .../sailoperator.clusterserviceversion.yaml | 28 +++++++++---------- .../manifests/sailoperator.io_istiocnis.yaml | 4 +-- .../sailoperator.io_istiorevisions.yaml | 4 +-- bundle/manifests/sailoperator.io_istios.yaml | 4 +-- .../manifests/sailoperator.io_ztunnels.yaml | 8 +++--- chart/crds/sailoperator.io_istiocnis.yaml | 4 +-- .../crds/sailoperator.io_istiorevisions.yaml | 4 +-- chart/crds/sailoperator.io_istios.yaml | 4 +-- chart/crds/sailoperator.io_ztunnels.yaml | 8 +++--- chart/values.yaml | 10 +++---- docs/api-reference/sailoperator.io.md | 10 +++---- go.mod | 6 ++-- go.sum | 12 ++++---- pkg/istioversion/versions.yaml | 18 ++++++------ ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +-- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 0 .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 4 +-- .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 4 +-- .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 4 +-- .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 0 .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 0 .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 4 +-- .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 0 .../charts/ztunnel/values.yaml | 2 +- ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 + resources/v1.30-alpha.0a346609/commit | 1 + ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 + ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 + ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 - ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 - resources/v1.30-alpha.a30ad733/commit | 1 - ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 - ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 - ...344d771ce45cba8a1d17b6bb2c209119d.tgz.etag | 1 - 221 files changed, 98 insertions(+), 98 deletions(-) create mode 100644 resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/README.md (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/templates/reader-serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/base/values.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/Chart.yaml (62%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/README.md (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/cni/values.yaml (99%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/Chart.yaml (64%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/README.md (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/hpa.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/role.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/service.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/gateway/values.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/Chart.yaml (63%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/gateway-injection-template.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/grpc-simple.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/kube-gateway.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/files/waypoint.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/istiod/values.yaml (99%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/revisiontags/values.yaml (99%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/Chart.yaml (63%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/README.md (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/templates/zzz_profile.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag create mode 100644 resources/v1.30-alpha.0a346609/commit create mode 100644 resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag create mode 100644 resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.a30ad733 => v1.30-alpha.0a346609}/profiles/stable.yaml (100%) create mode 100644 resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag delete mode 100644 resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag delete mode 100644 resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag delete mode 100644 resources/v1.30-alpha.a30ad733/commit delete mode 100644 resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag delete mode 100644 resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag delete mode 100644 resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index ac3973179..fe9ece380 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a30ad733 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0a346609 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 5abb6eda9..1de1098d8 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.a30ad733 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0a346609 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index 03185e649..cbadc918f 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.a30ad733 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.0a346609 Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index 802a6dbd9..b5f2d5bf2 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a30ad733 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0a346609 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 54f01b50c..417fdba03 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.a30ad733 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0a346609 // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 121b0f74a..85b8bf34b 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-08T05:32:01Z" + createdAt: "2026-02-10T05:33:21Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. displayName: Istio Version path: version x-descriptors: @@ -197,7 +197,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +235,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. displayName: Istio Version path: version x-descriptors: @@ -250,7 +250,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +285,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. displayName: Istio Version path: version x-descriptors: @@ -303,7 +303,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +359,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. displayName: Istio Version path: version x-descriptors: @@ -377,7 +377,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.a30ad733 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -405,7 +405,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -803,10 +803,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_a30ad733.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d - images.v1_30-alpha_a30ad733.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d - images.v1_30-alpha_a30ad733.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d - images.v1_30-alpha_a30ad733.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_0a346609.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_0a346609.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_0a346609.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_0a346609.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index 1e63926cd..f38aa032e 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index 3faa66e6f..f6042a083 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index ef12935a4..d8b5a4d54 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 09f346bb6..b5bf0d2be 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 61871b3bb..81bfba2f9 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -1517,7 +1517,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 44ba32d2a..7e1e592d8 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,7 +10121,7 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. enum: - v1.28.3 - v1.28.2 @@ -10164,7 +10164,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index c5660a7c7..52707c2ec 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -10246,7 +10246,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index 8d5e2095f..eb57fa52f 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3446,7 +3446,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -3485,7 +3485,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace @@ -6997,7 +6997,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. enum: - v1.28-latest - v1.28.3 @@ -7036,7 +7036,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 type: string required: - namespace diff --git a/chart/values.yaml b/chart/values.yaml index d103941fe..49d919927 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -42,10 +42,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_a30ad733.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d - images.v1_30-alpha_a30ad733.istiod: gcr.io/istio-testing/pilot:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d - images.v1_30-alpha_a30ad733.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d - images.v1_30-alpha_a30ad733.cni: gcr.io/istio-testing/install-cni:1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + images.v1_30-alpha_0a346609.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_0a346609.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_0a346609.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_0a346609.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a revisionHistoryLimit: 10 service: port: 8443 @@ -74,7 +74,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.a30ad733 + - v1.30-alpha.0a346609 [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index 2e451a1de..a790402ce 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a30ad733] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0a346609] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.a30ad733. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.a30ad733] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.0a346609] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.a30ad733] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0a346609] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3524,7 +3524,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a30ad733] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0a346609] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3690,7 +3690,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.a30ad733. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.a30ad733] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0a346609] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index b297d743b..06e868996 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 - istio.io/istio v0.0.0-20260208024451-a30ad73344d7 + istio.io/client-go v1.29.0-alpha.0.0.20260210050111-fc5c109fbe29 + istio.io/istio v0.0.0-20260209144354-0a3466091a33 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337 // indirect + istio.io/api v1.29.0-alpha.0.0.20260210045913-ba273dacb2d8 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index 2dd88d72a..6a280e4bc 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337 h1:fTa0j3yQhp5RohEaAaGB+DiXWX6EEq4CGcrcvU+9Sao= -istio.io/api v1.29.0-alpha.0.0.20260205010447-d2bc7d18a337/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06 h1:S3ger4fZHVuV61d9HKwUksc2y1vQhtyu4zgVr0lD03M= -istio.io/client-go v1.29.0-alpha.0.0.20260205011149-b3a6b2e28b06/go.mod h1:NHEtxuW56GL/RuXXE6NLdzrBURs++EyIp2WSsL9Fpe8= -istio.io/istio v0.0.0-20260208024451-a30ad73344d7 h1:QjIjbK46AhUscVomrrEFiiFq1roN+/3I2hqCauHGO7M= -istio.io/istio v0.0.0-20260208024451-a30ad73344d7/go.mod h1:cVTeU6zOpccSZOT3xFeSPn7G0ySPG/vaP9T0kqgk0Wg= +istio.io/api v1.29.0-alpha.0.0.20260210045913-ba273dacb2d8 h1:dtdeRaQs2TnhaPcNLzQm/DEV3/lA38JZuHTHM2MSHTU= +istio.io/api v1.29.0-alpha.0.0.20260210045913-ba273dacb2d8/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260210050111-fc5c109fbe29 h1:PighpMA2jDMBynVVTZ//pCRYZ6qpL6fEeXQV71PJw7s= +istio.io/client-go v1.29.0-alpha.0.0.20260210050111-fc5c109fbe29/go.mod h1:aplGKDNJmW/PJVZB51oxfmhJ2Aaz6CIRf1q/zL+JqoA= +istio.io/istio v0.0.0-20260209144354-0a3466091a33 h1:jAsELQ9cKHMlrbq/VUsorc7NyyHumV73lvpNEPH/uTY= +istio.io/istio v0.0.0-20260209144354-0a3466091a33/go.mod h1:cVTeU6zOpccSZOT3xFeSPn7G0ySPG/vaP9T0kqgk0Wg= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index c8a2d4dab..2e2ea2cb0 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -197,15 +197,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.a30ad733 - - name: v1.30-alpha.a30ad733 - version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + ref: v1.30-alpha.0a346609 + - name: v1.30-alpha.0a346609 + version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a repo: https://github.com/istio/istio branch: master - commit: a30ad73344d771ce45cba8a1d17b6bb2c209119d + commit: 0a3466091a333998e160a8aa3400a3aa65d4cb7a charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d/helm/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz diff --git a/resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag new file mode 100644 index 000000000..6554f9b4d --- /dev/null +++ b/resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag @@ -0,0 +1 @@ +c5eb4d7c406daf26f767e2336ee6088c diff --git a/resources/v1.30-alpha.a30ad733/charts/base/Chart.yaml b/resources/v1.30-alpha.0a346609/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a30ad733/charts/base/Chart.yaml rename to resources/v1.30-alpha.0a346609/charts/base/Chart.yaml index a7b462136..0677dec25 100644 --- a/resources/v1.30-alpha.a30ad733/charts/base/Chart.yaml +++ b/resources/v1.30-alpha.0a346609/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a diff --git a/resources/v1.30-alpha.a30ad733/charts/base/README.md b/resources/v1.30-alpha.0a346609/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/README.md rename to resources/v1.30-alpha.0a346609/charts/base/README.md diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-ambient.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-demo.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-preview.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-remote.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.0a346609/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/files/profile-stable.yaml rename to resources/v1.30-alpha.0a346609/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.0a346609/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/templates/NOTES.txt rename to resources/v1.30-alpha.0a346609/charts/base/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.0a346609/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.0a346609/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.0a346609/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0a346609/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/base/values.yaml b/resources/v1.30-alpha.0a346609/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/base/values.yaml rename to resources/v1.30-alpha.0a346609/charts/base/values.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/Chart.yaml b/resources/v1.30-alpha.0a346609/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.a30ad733/charts/cni/Chart.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/Chart.yaml index e40fc0d22..aaa1dfe04 100644 --- a/resources/v1.30-alpha.a30ad733/charts/cni/Chart.yaml +++ b/resources/v1.30-alpha.0a346609/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/README.md b/resources/v1.30-alpha.0a346609/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/README.md rename to resources/v1.30-alpha.0a346609/charts/cni/README.md diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-ambient.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-demo.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-preview.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-remote.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.0a346609/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/files/profile-stable.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.0a346609/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/NOTES.txt rename to resources/v1.30-alpha.0a346609/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.0a346609/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/_helpers.tpl rename to resources/v1.30-alpha.0a346609/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.0a346609/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/cni/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/cni/values.yaml b/resources/v1.30-alpha.0a346609/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.a30ad733/charts/cni/values.yaml rename to resources/v1.30-alpha.0a346609/charts/cni/values.yaml index c0a7197d3..391aed9e5 100644 --- a/resources/v1.30-alpha.a30ad733/charts/cni/values.yaml +++ b/resources/v1.30-alpha.0a346609/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/Chart.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.a30ad733/charts/gateway/Chart.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/Chart.yaml index 0d47c629a..adfe22b1d 100644 --- a/resources/v1.30-alpha.a30ad733/charts/gateway/Chart.yaml +++ b/resources/v1.30-alpha.0a346609/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/README.md b/resources/v1.30-alpha.0a346609/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/README.md rename to resources/v1.30-alpha.0a346609/charts/gateway/README.md diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-ambient.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-demo.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-preview.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-remote.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/files/profile-stable.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.0a346609/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/NOTES.txt rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.0a346609/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/_helpers.tpl rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/deployment.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/hpa.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/role.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/role.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/values.schema.json b/resources/v1.30-alpha.0a346609/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/values.schema.json rename to resources/v1.30-alpha.0a346609/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.a30ad733/charts/gateway/values.yaml b/resources/v1.30-alpha.0a346609/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/gateway/values.yaml rename to resources/v1.30-alpha.0a346609/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/Chart.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a30ad733/charts/istiod/Chart.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/Chart.yaml index 15f25b72b..cc422b9aa 100644 --- a/resources/v1.30-alpha.a30ad733/charts/istiod/Chart.yaml +++ b/resources/v1.30-alpha.0a346609/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/README.md b/resources/v1.30-alpha.0a346609/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/README.md rename to resources/v1.30-alpha.0a346609/charts/istiod/README.md diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-agent.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/grpc-simple.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-ambient.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-demo.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-preview.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-remote.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/profile-stable.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.0a346609/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/NOTES.txt rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.0a346609/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/_helpers.tpl rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/istiod/values.yaml b/resources/v1.30-alpha.0a346609/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.a30ad733/charts/istiod/values.yaml rename to resources/v1.30-alpha.0a346609/charts/istiod/values.yaml index f578cd904..4a31ec6b5 100644 --- a/resources/v1.30-alpha.a30ad733/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.0a346609/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/Chart.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/Chart.yaml index f212e3bbc..02b53e619 100644 --- a/resources/v1.30-alpha.a30ad733/charts/revisiontags/Chart.yaml +++ b/resources/v1.30-alpha.0a346609/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/revisiontags/values.yaml b/resources/v1.30-alpha.0a346609/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.a30ad733/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.0a346609/charts/revisiontags/values.yaml index f578cd904..4a31ec6b5 100644 --- a/resources/v1.30-alpha.a30ad733/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.0a346609/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/Chart.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/Chart.yaml index 0b786478e..e079d465e 100644 --- a/resources/v1.30-alpha.a30ad733/charts/ztunnel/Chart.yaml +++ b/resources/v1.30-alpha.0a346609/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d +version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/README.md b/resources/v1.30-alpha.0a346609/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/README.md rename to resources/v1.30-alpha.0a346609/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/NOTES.txt rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.30-alpha.a30ad733/charts/ztunnel/values.yaml b/resources/v1.30-alpha.0a346609/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.a30ad733/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.0a346609/charts/ztunnel/values.yaml index d0276a72c..d682a4755 100644 --- a/resources/v1.30-alpha.a30ad733/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.0a346609/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d + tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag new file mode 100644 index 000000000..534df8dd4 --- /dev/null +++ b/resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag @@ -0,0 +1 @@ +25025d0112d80c4b4a1228c1a8010f1a diff --git a/resources/v1.30-alpha.0a346609/commit b/resources/v1.30-alpha.0a346609/commit new file mode 100644 index 000000000..4d1e8eb73 --- /dev/null +++ b/resources/v1.30-alpha.0a346609/commit @@ -0,0 +1 @@ +0a3466091a333998e160a8aa3400a3aa65d4cb7a diff --git a/resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag new file mode 100644 index 000000000..f9056cff2 --- /dev/null +++ b/resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag @@ -0,0 +1 @@ +1e179164e2dd5fd0f9815c76fd759549 diff --git a/resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag new file mode 100644 index 000000000..1dad1c586 --- /dev/null +++ b/resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag @@ -0,0 +1 @@ +ba3de8ee9137e6f1de12f48bfa924f38 diff --git a/resources/v1.30-alpha.a30ad733/profiles/ambient.yaml b/resources/v1.30-alpha.0a346609/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/ambient.yaml rename to resources/v1.30-alpha.0a346609/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/default.yaml b/resources/v1.30-alpha.0a346609/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/default.yaml rename to resources/v1.30-alpha.0a346609/profiles/default.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/demo.yaml b/resources/v1.30-alpha.0a346609/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/demo.yaml rename to resources/v1.30-alpha.0a346609/profiles/demo.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/empty.yaml b/resources/v1.30-alpha.0a346609/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/empty.yaml rename to resources/v1.30-alpha.0a346609/profiles/empty.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.0a346609/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/openshift-ambient.yaml rename to resources/v1.30-alpha.0a346609/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/openshift.yaml b/resources/v1.30-alpha.0a346609/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/openshift.yaml rename to resources/v1.30-alpha.0a346609/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/preview.yaml b/resources/v1.30-alpha.0a346609/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/preview.yaml rename to resources/v1.30-alpha.0a346609/profiles/preview.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/remote.yaml b/resources/v1.30-alpha.0a346609/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/remote.yaml rename to resources/v1.30-alpha.0a346609/profiles/remote.yaml diff --git a/resources/v1.30-alpha.a30ad733/profiles/stable.yaml b/resources/v1.30-alpha.0a346609/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.a30ad733/profiles/stable.yaml rename to resources/v1.30-alpha.0a346609/profiles/stable.yaml diff --git a/resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag new file mode 100644 index 000000000..55fd48514 --- /dev/null +++ b/resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag @@ -0,0 +1 @@ +467b37db0f019448448c83288f06b473 diff --git a/resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag deleted file mode 100644 index be95f2797..000000000 --- a/resources/v1.30-alpha.a30ad733/base-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -6a20fbde6cc3450b90a670098b456adb diff --git a/resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag deleted file mode 100644 index ef735eef6..000000000 --- a/resources/v1.30-alpha.a30ad733/cni-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -fa80969295cb1a10437a7e95e84c2502 diff --git a/resources/v1.30-alpha.a30ad733/commit b/resources/v1.30-alpha.a30ad733/commit deleted file mode 100644 index 3dc22795d..000000000 --- a/resources/v1.30-alpha.a30ad733/commit +++ /dev/null @@ -1 +0,0 @@ -a30ad73344d771ce45cba8a1d17b6bb2c209119d diff --git a/resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag deleted file mode 100644 index 91f9f8b2f..000000000 --- a/resources/v1.30-alpha.a30ad733/gateway-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -f0bef15cfa2aeb23cbc1b388c39fa225 diff --git a/resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag deleted file mode 100644 index 1ea84ce7e..000000000 --- a/resources/v1.30-alpha.a30ad733/istiod-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ce979b022d392a5a04ddf431ebe85ceb diff --git a/resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag b/resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag deleted file mode 100644 index 2306532e9..000000000 --- a/resources/v1.30-alpha.a30ad733/ztunnel-1.30-alpha.a30ad73344d771ce45cba8a1d17b6bb2c209119d.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -8b4680d0cd74b577b9d57cf815811b25 From 0733256fe2d0bb24ff00acf5ec6b76e5182ebf84 Mon Sep 17 00:00:00 2001 From: Maxim Babushkin Date: Tue, 10 Feb 2026 09:37:11 +0200 Subject: [PATCH 35/40] Expose "peerCaCrl" Ztunnel param added in Helm (#1578) The "peerCaCrl" Helm parameter for Ztunnel has been added in the following PR - https://github.com/istio/istio/pull/58132 Now, lets expose it to Sail Operator. Signed-off-by: Maxim Babushkin --- api/v1/values_types_extra.go | 8 ++++++ api/v1/zz_generated.deepcopy.go | 25 +++++++++++++++++++ .../manifests/sailoperator.io_ztunnels.yaml | 20 +++++++++++++++ chart/crds/sailoperator.io_ztunnels.yaml | 20 +++++++++++++++ docs/api-reference/sailoperator.io.md | 17 +++++++++++++ 5 files changed, 90 insertions(+) diff --git a/api/v1/values_types_extra.go b/api/v1/values_types_extra.go index b6f2a5f05..c6bcc2271 100644 --- a/api/v1/values_types_extra.go +++ b/api/v1/values_types_extra.go @@ -23,6 +23,11 @@ type SDSConfigToken struct { Aud string `json:"aud,omitempty"` } +type PeerCaCrlConfig struct { + // When enabled, ztunnel will check certificates against the CRL + Enabled *bool `json:"enabled,omitempty"` +} + type CNIValues struct { // Configuration for the Istio CNI plugin. Cni *CNIConfig `json:"cni,omitempty"` @@ -75,6 +80,9 @@ type ZTunnelConfig struct { Resources *k8sv1.ResourceRequirements `json:"resources,omitempty"` // The resource quotas configuration for ztunnel ResourceQuotas *ResourceQuotas `json:"resourceQuotas,omitempty"` + // Certificate Revocation List (CRL) support for plugged-in CAs. + // When enabled, ztunnel will check certificates against the CRL + PeerCaCrl *PeerCaCrlConfig `json:"peerCaCrl,omitempty"` // K8s node selector settings. // // See https://kubernetes.io/docs/user-guide/node-selection/ diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go index 685cb83cc..01b22e756 100644 --- a/api/v1/zz_generated.deepcopy.go +++ b/api/v1/zz_generated.deepcopy.go @@ -3606,6 +3606,26 @@ func (in *OutboundTrafficPolicyConfig) DeepCopy() *OutboundTrafficPolicyConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PeerCaCrlConfig) DeepCopyInto(out *PeerCaCrlConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerCaCrlConfig. +func (in *PeerCaCrlConfig) DeepCopy() *PeerCaCrlConfig { + if in == nil { + return nil + } + out := new(PeerCaCrlConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PilotConfig) DeepCopyInto(out *PilotConfig) { *out = *in @@ -5693,6 +5713,11 @@ func (in *ZTunnelConfig) DeepCopyInto(out *ZTunnelConfig) { *out = new(ResourceQuotas) (*in).DeepCopyInto(*out) } + if in.PeerCaCrl != nil { + in, out := &in.PeerCaCrl, &out.PeerCaCrl + *out = new(PeerCaCrlConfig) + (*in).DeepCopyInto(*out) + } if in.NodeSelector != nil { in, out := &in.NodeSelector, &out.NodeSelector *out = make(map[string]string, len(*in)) diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index b5bf0d2be..5287d5147 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -1225,6 +1225,16 @@ spec: See https://kubernetes.io/docs/user-guide/node-selection/ type: object + peerCaCrl: + description: |- + Certificate Revocation List (CRL) support for plugged-in CAs. + When enabled, ztunnel will check certificates against the CRL + properties: + enabled: + description: When enabled, ztunnel will check certificates + against the CRL + type: boolean + type: object podAnnotations: additionalProperties: type: string @@ -4776,6 +4786,16 @@ spec: See https://kubernetes.io/docs/user-guide/node-selection/ type: object + peerCaCrl: + description: |- + Certificate Revocation List (CRL) support for plugged-in CAs. + When enabled, ztunnel will check certificates against the CRL + properties: + enabled: + description: When enabled, ztunnel will check certificates + against the CRL + type: boolean + type: object podAnnotations: additionalProperties: type: string diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index eb57fa52f..b26c0447b 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -1225,6 +1225,16 @@ spec: See https://kubernetes.io/docs/user-guide/node-selection/ type: object + peerCaCrl: + description: |- + Certificate Revocation List (CRL) support for plugged-in CAs. + When enabled, ztunnel will check certificates against the CRL + properties: + enabled: + description: When enabled, ztunnel will check certificates + against the CRL + type: boolean + type: object podAnnotations: additionalProperties: type: string @@ -4776,6 +4786,16 @@ spec: See https://kubernetes.io/docs/user-guide/node-selection/ type: object + peerCaCrl: + description: |- + Certificate Revocation List (CRL) support for plugged-in CAs. + When enabled, ztunnel will check certificates against the CRL + properties: + enabled: + description: When enabled, ztunnel will check certificates + against the CRL + type: boolean + type: object podAnnotations: additionalProperties: type: string diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index a790402ce..e67718c19 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -2373,6 +2373,22 @@ _Appears in:_ | `REGISTRY_ONLY` | Restrict outbound traffic to services defined in the service registry as well as those defined through ServiceEntries | +#### PeerCaCrlConfig + + + + + + + +_Appears in:_ +- [ZTunnelConfig](#ztunnelconfig) + +| Field | Description | Default | Validation | +| --- | --- | --- | --- | +| `enabled` _boolean_ | When enabled, ztunnel will check certificates against the CRL | | | + + #### PilotConfig @@ -3451,6 +3467,7 @@ _Appears in:_ | `podLabels` _object (keys:string, values:string)_ | Additional labels to apply on the pod level. | | | | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#resourcerequirements-v1-core)_ | The k8s resource requests and limits for the ztunnel Pods. | | | | `resourceQuotas` _[ResourceQuotas](#resourcequotas)_ | The resource quotas configuration for ztunnel | | | +| `peerCaCrl` _[PeerCaCrlConfig](#peercacrlconfig)_ | Certificate Revocation List (CRL) support for plugged-in CAs. When enabled, ztunnel will check certificates against the CRL | | | | `nodeSelector` _object (keys:string, values:string)_ | K8s node selector settings. See https://kubernetes.io/docs/user-guide/node-selection/ | | | | `imagePullSecrets` _string array_ | List of secret names to add to the service account as image pull secrets to use for pulling any images in pods that reference this ServiceAccount. Must be set for any cluster configured with private docker registry. | | | | `env` _object (keys:string, values:string)_ | A `key: value` mapping of environment variables to add to the pod | | | From bd8c753b29cc336da11149932fca1bff779139cc Mon Sep 17 00:00:00 2001 From: Francisco Herrera Date: Tue, 10 Feb 2026 14:00:24 +0100 Subject: [PATCH 36/40] Adding TARGET_ARCH to tag definition when run on CI true (#1583) * Adding TARGET_ARCH to tag definition when run on CI true Adding export TAG=pr-- when CI is true to avoid race conditions when building and pushing multiple arch jobs at the same time Signed-off-by: Francisco Herrera * Fix lint Fix lint error: Declare and assign separately to avoid masking return values Signed-off-by: Francisco Herrera * Fix indent Fix indent Signed-off-by: Francisco Herrera --------- Signed-off-by: Francisco Herrera --- tests/e2e/common-operator-integ-suite.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/e2e/common-operator-integ-suite.sh b/tests/e2e/common-operator-integ-suite.sh index f2fa8f649..2f50d7ec5 100755 --- a/tests/e2e/common-operator-integ-suite.sh +++ b/tests/e2e/common-operator-integ-suite.sh @@ -152,13 +152,14 @@ initialize_variables() { # Scenario 2: CI mode with default HUB -> use external registry with proper CI tag echo "CI mode detected for OCP, using external registry ${HUB}" export USE_INTERNAL_REGISTRY="false" - # Use PR_NUMBER if available, otherwise generate timestamp tag + # Use TARGET_ARCH to differentiate tags for different architectures in CI, avoid race conditions in CI when multiple runs are pushing to the same default tag if [ -n "${PR_NUMBER:-}" ]; then - export TAG="pr-${PR_NUMBER}" + TAG="pr-${PR_NUMBER}-${TARGET_ARCH}" + export TAG echo "Using PR-based tag: ${TAG}" else - TAG="ci-test-$(date +%s)" + TAG="ci-test-$(date +%s)-${TARGET_ARCH}" export TAG echo "Using timestamp-based tag: ${TAG}" fi From 871f07e975ae7ae1d46973718cd27e2b6ffb09d5 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot <165402251+openshift-service-mesh-bot@users.noreply.github.com> Date: Wed, 11 Feb 2026 00:51:23 -0500 Subject: [PATCH 37/40] Automator: Update dependencies in istio-ecosystem/sail-operator@main (#1587) Signed-off-by: openshift-service-mesh-bot --- api/v1/istio_types.go | 6 +- api/v1/istiocni_types.go | 6 +- api/v1/istiorevision_types.go | 6 +- api/v1/values_types.gen.go | 2 +- api/v1/ztunnel_types.go | 6 +- api/v1alpha1/ztunnel_types.go | 6 +- .../sailoperator.clusterserviceversion.yaml | 37 +- .../manifests/sailoperator.io_istiocnis.yaml | 5 +- .../sailoperator.io_istiorevisions.yaml | 5 +- bundle/manifests/sailoperator.io_istios.yaml | 5 +- .../manifests/sailoperator.io_ztunnels.yaml | 10 +- .../telemetry.istio.io_telemetries.yaml | 12 + chart/crds/sailoperator.io_istiocnis.yaml | 5 +- .../crds/sailoperator.io_istiorevisions.yaml | 5 +- chart/crds/sailoperator.io_istios.yaml | 5 +- chart/crds/sailoperator.io_ztunnels.yaml | 10 +- .../crds/telemetry.istio.io_telemetries.yaml | 12 + chart/values.yaml | 15 +- docs/api-reference/sailoperator.io.md | 10 +- go.mod | 6 +- go.sum | 12 +- pkg/istioversion/versions.yaml | 30 +- resources/v1.27.6/base-1.27.6.tgz.etag | 1 + .../charts/base/Chart.yaml | 4 +- .../charts/base/README.md | 0 .../charts/base/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/base/files/profile-demo.yaml | 0 .../base/files/profile-platform-gke.yaml | 0 .../base/files/profile-platform-k3d.yaml | 0 .../base/files/profile-platform-k3s.yaml | 0 .../base/files/profile-platform-microk8s.yaml | 0 .../base/files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/base/files/profile-preview.yaml | 0 .../charts/base/files/profile-remote.yaml | 0 .../charts/base/files/profile-stable.yaml | 0 .../charts/base/templates/NOTES.txt | 0 ...ultrevision-validatingadmissionpolicy.yaml | 53 ++ ...vision-validatingwebhookconfiguration.yaml | 56 ++ .../base/templates/reader-serviceaccount.yaml | 20 + .../charts/base/templates/zzz_profile.yaml | 0 resources/v1.27.6/charts/base/values.yaml | 37 ++ .../charts/cni/Chart.yaml | 4 +- resources/v1.27.6/charts/cni/README.md | 65 ++ .../charts/cni/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/cni/files/profile-demo.yaml | 0 .../cni/files/profile-platform-gke.yaml | 0 .../cni/files/profile-platform-k3d.yaml | 0 .../cni/files/profile-platform-k3s.yaml | 0 .../cni/files/profile-platform-microk8s.yaml | 0 .../cni/files/profile-platform-minikube.yaml | 0 .../cni/files/profile-platform-openshift.yaml | 0 .../charts/cni/files/profile-preview.yaml | 0 .../charts/cni/files/profile-remote.yaml | 0 .../charts/cni/files/profile-stable.yaml | 0 .../charts/cni/templates/NOTES.txt | 0 .../charts/cni/templates/_helpers.tpl | 0 .../charts/cni/templates/clusterrole.yaml | 81 +++ .../cni/templates/clusterrolebinding.yaml | 63 ++ .../charts/cni/templates/configmap-cni.yaml | 41 ++ .../charts/cni/templates/daemonset.yaml | 248 ++++++++ .../network-attachment-definition.yaml | 11 + .../charts/cni/templates/resourcequota.yaml | 19 + .../charts/cni/templates/serviceaccount.yaml | 18 + .../cni/templates/zzy_descope_legacy.yaml | 0 .../charts/cni/templates/zzz_profile.yaml | 0 resources/v1.27.6/charts/cni/values.yaml | 178 ++++++ .../charts/gateway/Chart.yaml | 4 +- resources/v1.27.6/charts/gateway/README.md | 170 ++++++ .../charts/gateway/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/gateway/files/profile-demo.yaml | 0 .../gateway/files/profile-platform-gke.yaml | 0 .../gateway/files/profile-platform-k3d.yaml | 0 .../gateway/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/gateway/files/profile-preview.yaml | 0 .../charts/gateway/files/profile-remote.yaml | 0 .../charts/gateway/files/profile-stable.yaml | 0 .../charts/gateway/templates/NOTES.txt | 0 .../charts/gateway/templates/_helpers.tpl | 0 .../charts/gateway/templates/deployment.yaml | 0 .../charts/gateway/templates/hpa.yaml | 0 .../templates/poddisruptionbudget.yaml | 18 + .../charts/gateway/templates/role.yaml | 0 .../charts/gateway/templates/service.yaml | 72 +++ .../gateway/templates/serviceaccount.yaml | 0 .../charts/gateway/templates/zzz_profile.yaml | 0 .../v1.27.6/charts/gateway/values.schema.json | 359 +++++++++++ resources/v1.27.6/charts/gateway/values.yaml | 194 ++++++ .../charts/istiod/Chart.yaml | 4 +- resources/v1.27.6/charts/istiod/README.md | 73 +++ .../files/gateway-injection-template.yaml | 274 +++++++++ .../charts/istiod/files/grpc-agent.yaml | 0 .../charts/istiod/files/grpc-simple.yaml | 0 .../istiod/files/injection-template.yaml | 541 +++++++++++++++++ .../charts/istiod/files/kube-gateway.yaml | 401 ++++++++++++ .../charts/istiod/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/istiod/files/profile-demo.yaml | 0 .../istiod/files/profile-platform-gke.yaml | 0 .../istiod/files/profile-platform-k3d.yaml | 0 .../istiod/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/istiod/files/profile-preview.yaml | 0 .../charts/istiod/files/profile-remote.yaml | 0 .../charts/istiod/files/profile-stable.yaml | 0 .../v1.27.6/charts/istiod/files/waypoint.yaml | 396 ++++++++++++ .../charts/istiod/templates/NOTES.txt | 0 .../charts/istiod/templates/_helpers.tpl | 0 .../charts/istiod/templates/autoscale.yaml | 43 ++ .../charts/istiod/templates/clusterrole.yaml | 213 +++++++ .../istiod/templates/clusterrolebinding.yaml | 40 ++ .../istiod/templates/configmap-jwks.yaml | 18 + .../istiod/templates/configmap-values.yaml | 19 + .../charts/istiod/templates/configmap.yaml | 111 ++++ .../charts/istiod/templates/deployment.yaml | 312 ++++++++++ .../templates/gateway-class-configmap.yaml | 20 + .../templates/istiod-injector-configmap.yaml | 81 +++ .../istiod/templates/mutatingwebhook.yaml | 164 +++++ .../istiod/templates/poddisruptionbudget.yaml | 36 ++ .../istiod/templates/reader-clusterrole.yaml | 62 ++ .../templates/reader-clusterrolebinding.yaml | 17 + .../templates/remote-istiod-endpoints.yaml | 30 + .../templates/remote-istiod-service.yaml | 41 ++ .../istiod/templates/revision-tags.yaml | 149 +++++ .../v1.27.6/charts/istiod/templates/role.yaml | 35 ++ .../charts/istiod/templates/rolebinding.yaml | 21 + .../charts/istiod/templates/service.yaml | 57 ++ .../istiod/templates/serviceaccount.yaml | 24 + .../templates/validatingadmissionpolicy.yaml | 63 ++ .../validatingwebhookconfiguration.yaml | 68 +++ .../istiod/templates/zzy_descope_legacy.yaml | 3 + .../charts/istiod/templates/zzz_profile.yaml | 0 resources/v1.27.6/charts/istiod/values.yaml | 569 ++++++++++++++++++ .../charts/revisiontags/Chart.yaml | 2 +- .../revisiontags/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../revisiontags/files/profile-demo.yaml | 0 .../files/profile-platform-gke.yaml | 0 .../files/profile-platform-k3d.yaml | 0 .../files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../revisiontags/files/profile-preview.yaml | 0 .../revisiontags/files/profile-remote.yaml | 0 .../revisiontags/files/profile-stable.yaml | 0 .../revisiontags/templates/revision-tags.yaml | 149 +++++ .../revisiontags/templates/zzz_profile.yaml | 0 .../v1.27.6/charts/revisiontags/values.yaml | 569 ++++++++++++++++++ .../charts/ztunnel/Chart.yaml | 4 +- resources/v1.27.6/charts/ztunnel/README.md | 50 ++ .../charts/ztunnel/files/profile-ambient.yaml | 0 .../profile-compatibility-version-1.24.yaml | 15 + .../profile-compatibility-version-1.25.yaml | 11 + .../profile-compatibility-version-1.26.yaml | 8 + .../charts/ztunnel/files/profile-demo.yaml | 0 .../ztunnel/files/profile-platform-gke.yaml | 0 .../ztunnel/files/profile-platform-k3d.yaml | 0 .../ztunnel/files/profile-platform-k3s.yaml | 0 .../files/profile-platform-microk8s.yaml | 0 .../files/profile-platform-minikube.yaml | 0 .../files/profile-platform-openshift.yaml | 0 .../charts/ztunnel/files/profile-preview.yaml | 0 .../charts/ztunnel/files/profile-remote.yaml | 0 .../charts/ztunnel/files/profile-stable.yaml | 0 .../charts/ztunnel/templates/NOTES.txt | 0 .../charts/ztunnel/templates/_helpers.tpl | 0 .../charts/ztunnel/templates/daemonset.yaml | 210 +++++++ .../charts/ztunnel/templates/rbac.yaml | 72 +++ .../ztunnel/templates/resourcequota.yaml | 20 + .../charts/ztunnel/templates/zzz_profile.yaml | 0 resources/v1.27.6/charts/ztunnel/values.yaml | 128 ++++ resources/v1.27.6/cni-1.27.6.tgz.etag | 1 + resources/v1.27.6/commit | 1 + resources/v1.27.6/gateway-1.27.6.tgz.etag | 1 + resources/v1.27.6/istiod-1.27.6.tgz.etag | 1 + .../profiles/ambient.yaml | 0 .../profiles/default.yaml | 0 .../profiles/demo.yaml | 0 .../profiles/empty.yaml | 0 .../profiles/openshift-ambient.yaml | 0 .../profiles/openshift.yaml | 0 .../profiles/preview.yaml | 0 .../profiles/remote.yaml | 0 .../profiles/stable.yaml | 0 resources/v1.27.6/ztunnel-1.27.6.tgz.etag | 1 + ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 - ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 - resources/v1.30-alpha.0a346609/commit | 1 - ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 - ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 - ...91a333998e160a8aa3400a3aa65d4cb7a.tgz.etag | 1 - ...b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag | 1 + .../charts/base/Chart.yaml | 10 + .../charts/base/README.md | 35 ++ .../charts/base/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/base/files/profile-demo.yaml | 94 +++ .../base/files/profile-platform-gke.yaml | 10 + .../base/files/profile-platform-k3d.yaml | 7 + .../base/files/profile-platform-k3s.yaml | 7 + .../base/files/profile-platform-microk8s.yaml | 7 + .../base/files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/base/files/profile-preview.yaml | 13 + .../charts/base/files/profile-remote.yaml | 13 + .../charts/base/files/profile-stable.yaml | 8 + .../charts/base/templates/NOTES.txt | 5 + ...ultrevision-validatingadmissionpolicy.yaml | 0 ...vision-validatingwebhookconfiguration.yaml | 0 .../base/templates/reader-serviceaccount.yaml | 0 .../charts/base/templates/zzz_profile.yaml | 75 +++ .../charts/base/values.yaml | 0 .../charts/cni/Chart.yaml | 11 + .../charts/cni/README.md | 0 .../charts/cni/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/cni/files/profile-demo.yaml | 94 +++ .../cni/files/profile-platform-gke.yaml | 10 + .../cni/files/profile-platform-k3d.yaml | 7 + .../cni/files/profile-platform-k3s.yaml | 7 + .../cni/files/profile-platform-microk8s.yaml | 7 + .../cni/files/profile-platform-minikube.yaml | 6 + .../cni/files/profile-platform-openshift.yaml | 19 + .../charts/cni/files/profile-preview.yaml | 13 + .../charts/cni/files/profile-remote.yaml | 13 + .../charts/cni/files/profile-stable.yaml | 8 + .../charts/cni/templates/NOTES.txt | 5 + .../charts/cni/templates/_helpers.tpl | 8 + .../charts/cni/templates/clusterrole.yaml | 0 .../cni/templates/clusterrolebinding.yaml | 0 .../charts/cni/templates/configmap-cni.yaml | 0 .../charts/cni/templates/daemonset.yaml | 0 .../network-attachment-definition.yaml | 0 .../charts/cni/templates/networkpolicy.yaml | 0 .../charts/cni/templates/resourcequota.yaml | 0 .../charts/cni/templates/serviceaccount.yaml | 0 .../cni/templates/zzy_descope_legacy.yaml | 3 + .../charts/cni/templates/zzz_profile.yaml | 75 +++ .../charts/cni/values.yaml | 2 +- .../charts/gateway/Chart.yaml | 12 + .../charts/gateway/README.md | 0 .../charts/gateway/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/gateway/files/profile-demo.yaml | 94 +++ .../gateway/files/profile-platform-gke.yaml | 10 + .../gateway/files/profile-platform-k3d.yaml | 7 + .../gateway/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/gateway/files/profile-preview.yaml | 13 + .../charts/gateway/files/profile-remote.yaml | 13 + .../charts/gateway/files/profile-stable.yaml | 8 + .../charts/gateway/templates/NOTES.txt | 9 + .../charts/gateway/templates/_helpers.tpl | 40 ++ .../charts/gateway/templates/deployment.yaml | 145 +++++ .../charts/gateway/templates/hpa.yaml | 40 ++ .../gateway/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../charts/gateway/templates/role.yaml | 37 ++ .../charts/gateway/templates/service.yaml | 0 .../gateway/templates/serviceaccount.yaml | 15 + .../charts/gateway/templates/zzz_profile.yaml | 75 +++ .../charts/gateway/values.schema.json | 0 .../charts/gateway/values.yaml | 0 .../charts/istiod/Chart.yaml | 12 + .../charts/istiod/README.md | 0 .../charts/istiod/files/agentgateway.yaml | 0 .../files/gateway-injection-template.yaml | 0 .../charts/istiod/files/grpc-agent.yaml | 318 ++++++++++ .../charts/istiod/files/grpc-simple.yaml | 65 ++ .../istiod/files/injection-template.yaml | 0 .../charts/istiod/files/kube-gateway.yaml | 0 .../charts/istiod/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/istiod/files/profile-demo.yaml | 94 +++ .../istiod/files/profile-platform-gke.yaml | 10 + .../istiod/files/profile-platform-k3d.yaml | 7 + .../istiod/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/istiod/files/profile-preview.yaml | 13 + .../charts/istiod/files/profile-remote.yaml | 13 + .../charts/istiod/files/profile-stable.yaml | 8 + .../charts/istiod/files/waypoint.yaml | 0 .../charts/istiod/templates/NOTES.txt | 82 +++ .../charts/istiod/templates/_helpers.tpl | 23 + .../charts/istiod/templates/autoscale.yaml | 0 .../charts/istiod/templates/clusterrole.yaml | 0 .../istiod/templates/clusterrolebinding.yaml | 0 .../istiod/templates/configmap-jwks.yaml | 0 .../istiod/templates/configmap-values.yaml | 0 .../charts/istiod/templates/configmap.yaml | 0 .../charts/istiod/templates/deployment.yaml | 0 .../templates/gateway-class-configmap.yaml | 0 .../templates/istiod-injector-configmap.yaml | 0 .../istiod/templates/mutatingwebhook.yaml | 0 .../istiod/templates/networkpolicy.yaml | 0 .../istiod/templates/poddisruptionbudget.yaml | 0 .../istiod/templates/reader-clusterrole.yaml | 0 .../templates/reader-clusterrolebinding.yaml | 0 .../remote-istiod-endpointslices.yaml | 0 .../templates/remote-istiod-service.yaml | 0 .../istiod/templates/revision-tags-mwc.yaml | 0 .../istiod/templates/revision-tags-svc.yaml | 0 .../charts/istiod/templates/role.yaml | 0 .../charts/istiod/templates/rolebinding.yaml | 0 .../charts/istiod/templates/service.yaml | 0 .../istiod/templates/serviceaccount.yaml | 0 .../templates/validatingadmissionpolicy.yaml | 0 .../validatingwebhookconfiguration.yaml | 0 .../istiod/templates/zzy_descope_legacy.yaml | 0 .../charts/istiod/templates/zzz_profile.yaml | 75 +++ .../charts/istiod/values.yaml | 2 +- .../charts/revisiontags/Chart.yaml | 8 + .../revisiontags/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../revisiontags/files/profile-demo.yaml | 94 +++ .../files/profile-platform-gke.yaml | 10 + .../files/profile-platform-k3d.yaml | 7 + .../files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../revisiontags/files/profile-preview.yaml | 13 + .../revisiontags/files/profile-remote.yaml | 13 + .../revisiontags/files/profile-stable.yaml | 8 + .../templates/revision-tags-mwc.yaml | 0 .../templates/revision-tags-svc.yaml | 0 .../revisiontags/templates/zzz_profile.yaml | 75 +++ .../charts/revisiontags/values.yaml | 2 +- .../charts/ztunnel/Chart.yaml | 11 + .../charts/ztunnel/README.md | 0 .../charts/ztunnel/files/profile-ambient.yaml | 24 + .../profile-compatibility-version-1.25.yaml | 0 .../profile-compatibility-version-1.26.yaml | 0 .../profile-compatibility-version-1.27.yaml | 0 .../profile-compatibility-version-1.28.yaml | 0 .../charts/ztunnel/files/profile-demo.yaml | 94 +++ .../ztunnel/files/profile-platform-gke.yaml | 10 + .../ztunnel/files/profile-platform-k3d.yaml | 7 + .../ztunnel/files/profile-platform-k3s.yaml | 7 + .../files/profile-platform-microk8s.yaml | 7 + .../files/profile-platform-minikube.yaml | 6 + .../files/profile-platform-openshift.yaml | 19 + .../charts/ztunnel/files/profile-preview.yaml | 13 + .../charts/ztunnel/files/profile-remote.yaml | 13 + .../charts/ztunnel/files/profile-stable.yaml | 8 + .../charts/ztunnel/templates/NOTES.txt | 5 + .../charts/ztunnel/templates/_helpers.tpl | 1 + .../charts/ztunnel/templates/daemonset.yaml | 0 .../ztunnel/templates/networkpolicy.yaml | 0 .../charts/ztunnel/templates/rbac.yaml | 0 .../ztunnel/templates/resourcequota.yaml | 0 .../ztunnel/templates/serviceaccount.yaml | 0 .../charts/ztunnel/templates/zzz_profile.yaml | 75 +++ .../charts/ztunnel/values.yaml | 2 +- ...b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag | 1 + resources/v1.30-alpha.9e476e6b/commit | 1 + ...b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag | 1 + ...b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag | 1 + .../profiles/ambient.yaml | 5 + .../profiles/default.yaml | 12 + .../v1.30-alpha.9e476e6b/profiles/demo.yaml | 5 + .../v1.30-alpha.9e476e6b/profiles/empty.yaml | 5 + .../profiles/openshift-ambient.yaml | 7 + .../profiles/openshift.yaml | 6 + .../profiles/preview.yaml | 8 + .../v1.30-alpha.9e476e6b/profiles/remote.yaml | 7 + .../v1.30-alpha.9e476e6b/profiles/stable.yaml | 5 + ...b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag | 1 + 406 files changed, 9808 insertions(+), 100 deletions(-) create mode 100644 resources/v1.27.6/base-1.27.6.tgz.etag rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/Chart.yaml (63%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/README.md (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.6/charts/base/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.6/charts/base/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.6/charts/base/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/templates/NOTES.txt (100%) create mode 100644 resources/v1.27.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml create mode 100644 resources/v1.27.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml create mode 100644 resources/v1.27.6/charts/base/templates/reader-serviceaccount.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/base/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.6/charts/base/values.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/Chart.yaml (62%) create mode 100644 resources/v1.27.6/charts/cni/README.md rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/templates/_helpers.tpl (100%) create mode 100644 resources/v1.27.6/charts/cni/templates/clusterrole.yaml create mode 100644 resources/v1.27.6/charts/cni/templates/clusterrolebinding.yaml create mode 100644 resources/v1.27.6/charts/cni/templates/configmap-cni.yaml create mode 100644 resources/v1.27.6/charts/cni/templates/daemonset.yaml create mode 100644 resources/v1.27.6/charts/cni/templates/network-attachment-definition.yaml create mode 100644 resources/v1.27.6/charts/cni/templates/resourcequota.yaml create mode 100644 resources/v1.27.6/charts/cni/templates/serviceaccount.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/templates/zzy_descope_legacy.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/cni/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.6/charts/cni/values.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/Chart.yaml (64%) create mode 100644 resources/v1.27.6/charts/gateway/README.md rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/templates/_helpers.tpl (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/templates/hpa.yaml (100%) create mode 100644 resources/v1.27.6/charts/gateway/templates/poddisruptionbudget.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/templates/role.yaml (100%) create mode 100644 resources/v1.27.6/charts/gateway/templates/service.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/gateway/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.6/charts/gateway/values.schema.json create mode 100644 resources/v1.27.6/charts/gateway/values.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/Chart.yaml (63%) create mode 100644 resources/v1.27.6/charts/istiod/README.md create mode 100644 resources/v1.27.6/charts/istiod/files/gateway-injection-template.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/grpc-agent.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/grpc-simple.yaml (100%) create mode 100644 resources/v1.27.6/charts/istiod/files/injection-template.yaml create mode 100644 resources/v1.27.6/charts/istiod/files/kube-gateway.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/files/profile-stable.yaml (100%) create mode 100644 resources/v1.27.6/charts/istiod/files/waypoint.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/templates/_helpers.tpl (100%) create mode 100644 resources/v1.27.6/charts/istiod/templates/autoscale.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/clusterrole.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/clusterrolebinding.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/configmap-jwks.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/configmap-values.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/configmap.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/deployment.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/gateway-class-configmap.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/istiod-injector-configmap.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/mutatingwebhook.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/poddisruptionbudget.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/reader-clusterrole.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/reader-clusterrolebinding.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/remote-istiod-endpoints.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/remote-istiod-service.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/revision-tags.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/role.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/rolebinding.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/service.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/serviceaccount.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/validatingadmissionpolicy.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/validatingwebhookconfiguration.yaml create mode 100644 resources/v1.27.6/charts/istiod/templates/zzy_descope_legacy.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/istiod/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.6/charts/istiod/values.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/Chart.yaml (71%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/files/profile-stable.yaml (100%) create mode 100644 resources/v1.27.6/charts/revisiontags/templates/revision-tags.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/revisiontags/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.6/charts/revisiontags/values.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/Chart.yaml (63%) create mode 100644 resources/v1.27.6/charts/ztunnel/README.md rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-ambient.yaml (100%) create mode 100644 resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml create mode 100644 resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml create mode 100644 resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-demo.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-platform-gke.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-platform-k3d.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-platform-k3s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-platform-microk8s.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-platform-minikube.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-platform-openshift.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-preview.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-remote.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/files/profile-stable.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/templates/NOTES.txt (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/templates/_helpers.tpl (100%) create mode 100644 resources/v1.27.6/charts/ztunnel/templates/daemonset.yaml create mode 100644 resources/v1.27.6/charts/ztunnel/templates/rbac.yaml create mode 100644 resources/v1.27.6/charts/ztunnel/templates/resourcequota.yaml rename resources/{v1.30-alpha.0a346609 => v1.27.6}/charts/ztunnel/templates/zzz_profile.yaml (100%) create mode 100644 resources/v1.27.6/charts/ztunnel/values.yaml create mode 100644 resources/v1.27.6/cni-1.27.6.tgz.etag create mode 100644 resources/v1.27.6/commit create mode 100644 resources/v1.27.6/gateway-1.27.6.tgz.etag create mode 100644 resources/v1.27.6/istiod-1.27.6.tgz.etag rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/ambient.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/default.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/demo.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/empty.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/openshift-ambient.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/openshift.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/preview.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/remote.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.27.6}/profiles/stable.yaml (100%) create mode 100644 resources/v1.27.6/ztunnel-1.27.6.tgz.etag delete mode 100644 resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag delete mode 100644 resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag delete mode 100644 resources/v1.30-alpha.0a346609/commit delete mode 100644 resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag delete mode 100644 resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag delete mode 100644 resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag create mode 100644 resources/v1.30-alpha.9e476e6b/base-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/Chart.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/README.md create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-ambient.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/templates/NOTES.txt rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/templates/reader-serviceaccount.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/base/templates/zzz_profile.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/base/values.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/Chart.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/README.md (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-ambient.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/templates/_helpers.tpl rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/configmap-cni.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/network-attachment-definition.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/templates/serviceaccount.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzy_descope_legacy.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzz_profile.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/cni/values.yaml (99%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/Chart.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/README.md (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-ambient.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/templates/_helpers.tpl create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/templates/deployment.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/templates/hpa.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/templates/poddisruptionbudget.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/templates/role.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/templates/service.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/templates/serviceaccount.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/gateway/templates/zzz_profile.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/values.schema.json (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/gateway/values.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/Chart.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/README.md (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/agentgateway.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/gateway-injection-template.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-agent.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-simple.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/injection-template.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/kube-gateway.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-ambient.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-stable.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/files/waypoint.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/templates/_helpers.tpl rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/autoscale.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/clusterrole.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/configmap-jwks.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/configmap-values.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/configmap.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/deployment.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/gateway-class-configmap.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/istiod-injector-configmap.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/mutatingwebhook.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/poddisruptionbudget.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/reader-clusterrole.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/reader-clusterrolebinding.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/remote-istiod-endpointslices.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/remote-istiod-service.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/revision-tags-svc.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/role.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/rolebinding.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/service.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/serviceaccount.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/validatingadmissionpolicy.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/validatingwebhookconfiguration.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/templates/zzy_descope_legacy.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/istiod/templates/zzz_profile.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/istiod/values.yaml (99%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/Chart.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-ambient.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/revisiontags/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/revisiontags/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/revisiontags/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/revisiontags/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-stable.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/revisiontags/templates/revision-tags-mwc.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/revisiontags/templates/revision-tags-svc.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/zzz_profile.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/revisiontags/values.yaml (99%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/Chart.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/README.md (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-ambient.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/files/profile-compatibility-version-1.25.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/files/profile-compatibility-version-1.26.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/files/profile-compatibility-version-1.27.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/files/profile-compatibility-version-1.28.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-demo.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-gke.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3d.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-microk8s.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-minikube.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-openshift.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-preview.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-remote.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-stable.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/NOTES.txt create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/_helpers.tpl rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/templates/daemonset.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/templates/networkpolicy.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/templates/rbac.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/templates/resourcequota.yaml (100%) rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/templates/serviceaccount.yaml (100%) create mode 100644 resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/zzz_profile.yaml rename resources/{v1.30-alpha.0a346609 => v1.30-alpha.9e476e6b}/charts/ztunnel/values.yaml (99%) create mode 100644 resources/v1.30-alpha.9e476e6b/cni-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag create mode 100644 resources/v1.30-alpha.9e476e6b/commit create mode 100644 resources/v1.30-alpha.9e476e6b/gateway-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag create mode 100644 resources/v1.30-alpha.9e476e6b/istiod-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/ambient.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/default.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/demo.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/empty.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/openshift-ambient.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/openshift.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/preview.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/remote.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/profiles/stable.yaml create mode 100644 resources/v1.30-alpha.9e476e6b/ztunnel-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag diff --git a/api/v1/istio_types.go b/api/v1/istio_types.go index fe9ece380..a0dbb82d6 100644 --- a/api/v1/istio_types.go +++ b/api/v1/istio_types.go @@ -37,9 +37,9 @@ const ( type IstioSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0a346609 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.9e476e6b // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiocni_types.go b/api/v1/istiocni_types.go index 1de1098d8..2f52b2a4d 100644 --- a/api/v1/istiocni_types.go +++ b/api/v1/istiocni_types.go @@ -28,9 +28,9 @@ const ( type IstioCNISpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.0a346609 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23-latest;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22-latest;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;master;v1.30-alpha.9e476e6b // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1/istiorevision_types.go b/api/v1/istiorevision_types.go index cbadc918f..108993f12 100644 --- a/api/v1/istiorevision_types.go +++ b/api/v1/istiorevision_types.go @@ -30,9 +30,9 @@ const ( type IstioRevisionSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} - // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.0a346609 + // Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.9e476e6b. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b"} + // +kubebuilder:validation:Enum=v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;v1.23.6;v1.23.5;v1.23.4;v1.23.3;v1.23.2;v1.22.8;v1.22.7;v1.22.6;v1.22.5;v1.21.6;v1.30-alpha.9e476e6b Version string `json:"version"` // Namespace to which the Istio components should be installed. diff --git a/api/v1/values_types.gen.go b/api/v1/values_types.gen.go index f1edb4744..26bdecd59 100644 --- a/api/v1/values_types.gen.go +++ b/api/v1/values_types.gen.go @@ -3501,7 +3501,7 @@ type Network struct { // If `ENABLE_HCM_INTERNAL_NETWORKS` is set to true, MeshNetworks can be used to // to explicitly define the networks in Envoy's internal address configuration. // Envoy uses the IPs in the `internalAddressConfig` to decide whether or not to sanitize -// Envoy headers. If the IP address is listed an internal, the Envoy headers are not +// Envoy headers. If the IP address is listed as internal, the Envoy headers are not // sanitized. As of Envoy 1.33, the default value for `internalAddressConfig` is set to // an empty set. Previously, the default value was the set of all private IPs. Setting // the `internalAddressConfig` to all private IPs (via Envoy's previous default behavior diff --git a/api/v1/ztunnel_types.go b/api/v1/ztunnel_types.go index b5f2d5bf2..edd6cd890 100644 --- a/api/v1/ztunnel_types.go +++ b/api/v1/ztunnel_types.go @@ -28,9 +28,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0a346609 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.9e476e6b // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/api/v1alpha1/ztunnel_types.go b/api/v1alpha1/ztunnel_types.go index 417fdba03..80f5416ea 100644 --- a/api/v1alpha1/ztunnel_types.go +++ b/api/v1alpha1/ztunnel_types.go @@ -29,9 +29,9 @@ const ( type ZTunnelSpec struct { // +sail:version // Defines the version of Istio to install. - // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. - // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609"} - // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.0a346609 + // Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. + // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1,displayName="Istio Version",xDescriptors={"urn:alm:descriptor:com.tectonic.ui:fieldGroup:General", "urn:alm:descriptor:com.tectonic.ui:select:v1.28-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.28.0", "urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.6", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.5", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.4", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.3", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.2", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.1", "urn:alm:descriptor:com.tectonic.ui:select:v1.27.0", "urn:alm:descriptor:com.tectonic.ui:select:master", "urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b"} + // +kubebuilder:validation:Enum=v1.28-latest;v1.28.3;v1.28.2;v1.28.1;v1.28.0;v1.27-latest;v1.27.6;v1.27.5;v1.27.4;v1.27.3;v1.27.2;v1.27.1;v1.27.0;v1.26-latest;v1.26.8;v1.26.7;v1.26.6;v1.26.5;v1.26.4;v1.26.3;v1.26.2;v1.26.1;v1.26.0;v1.25-latest;v1.25.5;v1.25.4;v1.25.3;v1.25.2;v1.25.1;v1.24-latest;v1.24.6;v1.24.5;v1.24.4;v1.24.3;v1.24.2;v1.24.1;v1.24.0;master;v1.30-alpha.9e476e6b // +kubebuilder:default=v1.28.3 Version string `json:"version"` diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml index 85b8bf34b..8bdebb122 100644 --- a/bundle/manifests/sailoperator.clusterserviceversion.yaml +++ b/bundle/manifests/sailoperator.clusterserviceversion.yaml @@ -45,7 +45,7 @@ metadata: capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-10T05:33:21Z" + createdAt: "2026-02-11T05:32:48Z" description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" @@ -179,7 +179,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. displayName: Istio Version path: version x-descriptors: @@ -190,6 +190,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 - urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.3 @@ -197,7 +198,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b - description: Namespace to which the Istio CNI component should be installed. Note that this field is immutable. displayName: Namespace path: namespace @@ -235,7 +236,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.9e476e6b. displayName: Istio Version path: version x-descriptors: @@ -244,13 +245,14 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.28.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.3 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.2 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b - description: Namespace to which the Istio components should be installed. displayName: Namespace path: namespace @@ -285,7 +287,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:RevisionBased - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. displayName: Istio Version path: version x-descriptors: @@ -296,6 +298,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 - urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.3 @@ -303,7 +306,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b - description: |- Defines how many seconds the operator should wait before removing a non-active revision after all the workloads have stopped using it. You may want to set this value on the order of minutes. @@ -359,7 +362,7 @@ spec: specDescriptors: - description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. displayName: Istio Version path: version x-descriptors: @@ -370,6 +373,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.28.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.28.0 - urn:alm:descriptor:com.tectonic.ui:select:v1.27-latest + - urn:alm:descriptor:com.tectonic.ui:select:v1.27.6 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.5 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.4 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.3 @@ -377,7 +381,7 @@ spec: - urn:alm:descriptor:com.tectonic.ui:select:v1.27.1 - urn:alm:descriptor:com.tectonic.ui:select:v1.27.0 - urn:alm:descriptor:com.tectonic.ui:select:master - - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.0a346609 + - urn:alm:descriptor:com.tectonic.ui:select:v1.30-alpha.9e476e6b - description: Namespace to which the Istio ztunnel component should be installed. displayName: Namespace path: namespace @@ -398,6 +402,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -405,7 +410,7 @@ spec: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. displayName: Sail Operator @@ -787,6 +792,10 @@ spec: images.v1_27_5.istiod: gcr.io/istio-release/pilot:1.27.5 images.v1_27_5.proxy: gcr.io/istio-release/proxyv2:1.27.5 images.v1_27_5.ztunnel: gcr.io/istio-release/ztunnel:1.27.5 + images.v1_27_6.cni: gcr.io/istio-release/install-cni:1.27.6 + images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 + images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 + images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 @@ -803,10 +812,10 @@ spec: images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_0a346609.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a - images.v1_30-alpha_0a346609.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a - images.v1_30-alpha_0a346609.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a - images.v1_30-alpha_0a346609.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_9e476e6b.cni: gcr.io/istio-testing/install-cni:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + images.v1_30-alpha_9e476e6b.istiod: gcr.io/istio-testing/pilot:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + images.v1_30-alpha_9e476e6b.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + images.v1_30-alpha_9e476e6b.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: sailoperator diff --git a/bundle/manifests/sailoperator.io_istiocnis.yaml b/bundle/manifests/sailoperator.io_istiocnis.yaml index f38aa032e..069ff381a 100644 --- a/bundle/manifests/sailoperator.io_istiocnis.yaml +++ b/bundle/manifests/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -1474,6 +1474,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -1517,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istiorevisions.yaml b/bundle/manifests/sailoperator.io_istiorevisions.yaml index f6042a083..0dc877cf3 100644 --- a/bundle/manifests/sailoperator.io_istiorevisions.yaml +++ b/bundle/manifests/sailoperator.io_istiorevisions.yaml @@ -10121,12 +10121,13 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.9e476e6b. enum: - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -10164,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_istios.yaml b/bundle/manifests/sailoperator.io_istios.yaml index d8b5a4d54..f5ddbf115 100644 --- a/bundle/manifests/sailoperator.io_istios.yaml +++ b/bundle/manifests/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -10203,6 +10203,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -10246,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/bundle/manifests/sailoperator.io_ztunnels.yaml b/bundle/manifests/sailoperator.io_ztunnels.yaml index 5287d5147..f21c4f9eb 100644 --- a/bundle/manifests/sailoperator.io_ztunnels.yaml +++ b/bundle/manifests/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -3464,6 +3464,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -3495,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace @@ -7017,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -7025,6 +7026,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -7056,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/bundle/manifests/telemetry.istio.io_telemetries.yaml b/bundle/manifests/telemetry.istio.io_telemetries.yaml index 9bc6ebe6c..da9ca3800 100644 --- a/bundle/manifests/telemetry.istio.io_telemetries.yaml +++ b/bundle/manifests/telemetry.istio.io_telemetries.yaml @@ -356,6 +356,12 @@ spec: type: object description: Optional. type: object + disableContextPropagation: + description: Controls whether trace context headers (e.g., `traceparent`/`tracestate` + for W3C, `X-B3-*` for Zipkin) are propagated in forwarded + requests. + nullable: true + type: boolean disableSpanReporting: description: Controls span reporting. nullable: true @@ -820,6 +826,12 @@ spec: type: object description: Optional. type: object + disableContextPropagation: + description: Controls whether trace context headers (e.g., `traceparent`/`tracestate` + for W3C, `X-B3-*` for Zipkin) are propagated in forwarded + requests. + nullable: true + type: boolean disableSpanReporting: description: Controls span reporting. nullable: true diff --git a/chart/crds/sailoperator.io_istiocnis.yaml b/chart/crds/sailoperator.io_istiocnis.yaml index 81bfba2f9..b9ca4ad41 100644 --- a/chart/crds/sailoperator.io_istiocnis.yaml +++ b/chart/crds/sailoperator.io_istiocnis.yaml @@ -1466,7 +1466,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -1474,6 +1474,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -1517,7 +1518,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istiorevisions.yaml b/chart/crds/sailoperator.io_istiorevisions.yaml index 7e1e592d8..306b3d9dd 100644 --- a/chart/crds/sailoperator.io_istiorevisions.yaml +++ b/chart/crds/sailoperator.io_istiorevisions.yaml @@ -10121,12 +10121,13 @@ spec: version: description: |- Defines the version of Istio to install. - Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. + Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.9e476e6b. enum: - v1.28.3 - v1.28.2 - v1.28.1 - v1.28.0 + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -10164,7 +10165,7 @@ spec: - v1.22.6 - v1.22.5 - v1.21.6 - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/chart/crds/sailoperator.io_istios.yaml b/chart/crds/sailoperator.io_istios.yaml index 52707c2ec..5c0f3566f 100644 --- a/chart/crds/sailoperator.io_istios.yaml +++ b/chart/crds/sailoperator.io_istios.yaml @@ -10195,7 +10195,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -10203,6 +10203,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -10246,7 +10247,7 @@ spec: - v1.22.5 - v1.21.6 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/chart/crds/sailoperator.io_ztunnels.yaml b/chart/crds/sailoperator.io_ztunnels.yaml index b26c0447b..38241e97f 100644 --- a/chart/crds/sailoperator.io_ztunnels.yaml +++ b/chart/crds/sailoperator.io_ztunnels.yaml @@ -3456,7 +3456,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -3464,6 +3464,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -3495,7 +3496,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace @@ -7017,7 +7018,7 @@ spec: default: v1.28.3 description: |- Defines the version of Istio to install. - Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. + Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. enum: - v1.28-latest - v1.28.3 @@ -7025,6 +7026,7 @@ spec: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -7056,7 +7058,7 @@ spec: - v1.24.1 - v1.24.0 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b type: string required: - namespace diff --git a/chart/crds/telemetry.istio.io_telemetries.yaml b/chart/crds/telemetry.istio.io_telemetries.yaml index 23747292e..618ca3c8a 100644 --- a/chart/crds/telemetry.istio.io_telemetries.yaml +++ b/chart/crds/telemetry.istio.io_telemetries.yaml @@ -355,6 +355,12 @@ spec: type: object description: Optional. type: object + disableContextPropagation: + description: Controls whether trace context headers (e.g., `traceparent`/`tracestate` + for W3C, `X-B3-*` for Zipkin) are propagated in forwarded + requests. + nullable: true + type: boolean disableSpanReporting: description: Controls span reporting. nullable: true @@ -819,6 +825,12 @@ spec: type: object description: Optional. type: object + disableContextPropagation: + description: Controls whether trace context headers (e.g., `traceparent`/`tracestate` + for W3C, `X-B3-*` for Zipkin) are propagated in forwarded + requests. + nullable: true + type: boolean disableSpanReporting: description: Controls span reporting. nullable: true diff --git a/chart/values.yaml b/chart/values.yaml index 49d919927..5e2803716 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -18,6 +18,10 @@ deployment: images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 + images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 + images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 + images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 + images.v1_27_6.cni: gcr.io/istio-release/install-cni:1.27.6 images.v1_27_5.ztunnel: gcr.io/istio-release/ztunnel:1.27.5 images.v1_27_5.istiod: gcr.io/istio-release/pilot:1.27.5 images.v1_27_5.proxy: gcr.io/istio-release/proxyv2:1.27.5 @@ -42,10 +46,10 @@ deployment: images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_0a346609.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a - images.v1_30-alpha_0a346609.istiod: gcr.io/istio-testing/pilot:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a - images.v1_30-alpha_0a346609.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a - images.v1_30-alpha_0a346609.cni: gcr.io/istio-testing/install-cni:1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + images.v1_30-alpha_9e476e6b.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + images.v1_30-alpha_9e476e6b.istiod: gcr.io/istio-testing/pilot:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + images.v1_30-alpha_9e476e6b.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + images.v1_30-alpha_9e476e6b.cni: gcr.io/istio-testing/install-cni:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b revisionHistoryLimit: 10 service: port: 8443 @@ -67,6 +71,7 @@ csv: - v1.28.1 - v1.28.0 - v1.27-latest + - v1.27.6 - v1.27.5 - v1.27.4 - v1.27.3 @@ -74,7 +79,7 @@ csv: - v1.27.1 - v1.27.0 - master - - v1.30-alpha.0a346609 + - v1.30-alpha.9e476e6b [See this page](https://github.com/istio-ecosystem/sail-operator/blob/main/bundle/README.md) for instructions on how to use it. support: Community based diff --git a/docs/api-reference/sailoperator.io.md b/docs/api-reference/sailoperator.io.md index e67718c19..d3ed48eb6 100644 --- a/docs/api-reference/sailoperator.io.md +++ b/docs/api-reference/sailoperator.io.md @@ -678,7 +678,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0a346609] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.9e476e6b] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio CNI component should be installed. Note that this field is immutable. | istio-cni | | | `values` _[CNIValues](#cnivalues)_ | Defines the values to be passed to the Helm charts when installing Istio CNI. | | | @@ -917,7 +917,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.0a346609. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.0a346609] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, v1.30-alpha.9e476e6b. | | Enum: [v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 v1.30-alpha.9e476e6b] | | `namespace` _string_ | Namespace to which the Istio components should be installed. | | | | `values` _[Values](#values)_ | Defines the values to be passed to the Helm charts when installing Istio. | | | @@ -1110,7 +1110,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.0a346609] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 v1.23-latest v1.23.6 v1.23.5 v1.23.4 v1.23.3 v1.23.2 v1.22-latest v1.22.8 v1.22.7 v1.22.6 v1.22.5 v1.21.6 master v1.30-alpha.9e476e6b] | | `updateStrategy` _[IstioUpdateStrategy](#istioupdatestrategy)_ | Defines the update strategy to use when the version in the Istio CR is updated. | \{ type:InPlace \} | | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is always applied. On OpenShift, the 'openshift' profile is also applied on top of 'default'. Must be one of: ambient, default, demo, empty, openshift, openshift-ambient, preview, remote, stable. | | Enum: [ambient default demo empty external openshift openshift-ambient preview remote stable] | | `namespace` _string_ | Namespace to which the Istio components should be installed. Note that this field is immutable. | istio-system | | @@ -3541,7 +3541,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0a346609] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.9e476e6b] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | @@ -3707,7 +3707,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.0a346609. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.0a346609] | +| `version` _string_ | Defines the version of Istio to install. Must be one of: v1.28-latest, v1.28.3, v1.28.2, v1.28.1, v1.28.0, v1.27-latest, v1.27.6, v1.27.5, v1.27.4, v1.27.3, v1.27.2, v1.27.1, v1.27.0, master, v1.30-alpha.9e476e6b. | v1.28.3 | Enum: [v1.28-latest v1.28.3 v1.28.2 v1.28.1 v1.28.0 v1.27-latest v1.27.6 v1.27.5 v1.27.4 v1.27.3 v1.27.2 v1.27.1 v1.27.0 v1.26-latest v1.26.8 v1.26.7 v1.26.6 v1.26.5 v1.26.4 v1.26.3 v1.26.2 v1.26.1 v1.26.0 v1.25-latest v1.25.5 v1.25.4 v1.25.3 v1.25.2 v1.25.1 v1.24-latest v1.24.6 v1.24.5 v1.24.4 v1.24.3 v1.24.2 v1.24.1 v1.24.0 master v1.30-alpha.9e476e6b] | | `profile` _string_ | The built-in installation configuration profile to use. The 'default' profile is 'ambient' and it is always applied. Must be one of: ambient, default, demo, empty, external, preview, remote, stable. | ambient | Enum: [ambient default demo empty external openshift-ambient openshift preview remote stable] | | `namespace` _string_ | Namespace to which the Istio ztunnel component should be installed. | ztunnel | | | `values` _[ZTunnelValues](#ztunnelvalues)_ | Defines the values to be passed to the Helm charts when installing Istio ztunnel. | | | diff --git a/go.mod b/go.mod index 06e868996..a515802c6 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.18.6 - istio.io/client-go v1.29.0-alpha.0.0.20260210050111-fc5c109fbe29 - istio.io/istio v0.0.0-20260209144354-0a3466091a33 + istio.io/client-go v1.29.0-alpha.0.0.20260210161328-2c12cf6497ed + istio.io/istio v0.0.0-20260211000925-9e476e6b7731 k8s.io/api v0.35.0 k8s.io/apiextensions-apiserver v0.35.0 k8s.io/apimachinery v0.35.0 @@ -169,7 +169,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - istio.io/api v1.29.0-alpha.0.0.20260210045913-ba273dacb2d8 // indirect + istio.io/api v1.29.0-alpha.0.0.20260210161025-1d9832db7b28 // indirect k8s.io/apiserver v0.35.0 // indirect k8s.io/component-base v0.35.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index 6a280e4bc..87246d928 100644 --- a/go.sum +++ b/go.sum @@ -470,12 +470,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= helm.sh/helm/v3 v3.18.6 h1:S/2CqcYnNfLckkHLI0VgQbxgcDaU3N4A/46E3n9wSNY= helm.sh/helm/v3 v3.18.6/go.mod h1:L/dXDR2r539oPlFP1PJqKAC1CUgqHJDLkxKpDGrWnyg= -istio.io/api v1.29.0-alpha.0.0.20260210045913-ba273dacb2d8 h1:dtdeRaQs2TnhaPcNLzQm/DEV3/lA38JZuHTHM2MSHTU= -istio.io/api v1.29.0-alpha.0.0.20260210045913-ba273dacb2d8/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= -istio.io/client-go v1.29.0-alpha.0.0.20260210050111-fc5c109fbe29 h1:PighpMA2jDMBynVVTZ//pCRYZ6qpL6fEeXQV71PJw7s= -istio.io/client-go v1.29.0-alpha.0.0.20260210050111-fc5c109fbe29/go.mod h1:aplGKDNJmW/PJVZB51oxfmhJ2Aaz6CIRf1q/zL+JqoA= -istio.io/istio v0.0.0-20260209144354-0a3466091a33 h1:jAsELQ9cKHMlrbq/VUsorc7NyyHumV73lvpNEPH/uTY= -istio.io/istio v0.0.0-20260209144354-0a3466091a33/go.mod h1:cVTeU6zOpccSZOT3xFeSPn7G0ySPG/vaP9T0kqgk0Wg= +istio.io/api v1.29.0-alpha.0.0.20260210161025-1d9832db7b28 h1:XfD9JeoBiLBUAE/qUdXGHXGgp/QjD4oEMQ3wWblr2MU= +istio.io/api v1.29.0-alpha.0.0.20260210161025-1d9832db7b28/go.mod h1:+brQWcBHoROuyA6fv8rbgg8Kfn0RCGuqoY0duCMuSLA= +istio.io/client-go v1.29.0-alpha.0.0.20260210161328-2c12cf6497ed h1:3YEZuC1anwr0xbov1qDXttUbSsKVTYmqqiNp8l2TVYA= +istio.io/client-go v1.29.0-alpha.0.0.20260210161328-2c12cf6497ed/go.mod h1:jMwrwPdbeFUycV1v3z7qzCIjgNDLCs9IIRUO+d7d5M0= +istio.io/istio v0.0.0-20260211000925-9e476e6b7731 h1:YGH20N9omHSMKoS2Mdkd9N6BkmYF2ni9hXgW/zQttDc= +istio.io/istio v0.0.0-20260211000925-9e476e6b7731/go.mod h1:vNZf8a+SKyS4VTvMhxE7cp3CrcWQt0oPZ/liLJ2mz1E= k8s.io/api v0.35.0 h1:iBAU5LTyBI9vw3L5glmat1njFK34srdLmktWwLTprlY= k8s.io/api v0.35.0/go.mod h1:AQ0SNTzm4ZAczM03QH42c7l3bih1TbAXYo0DkF8ktnA= k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJatA5T4= diff --git a/pkg/istioversion/versions.yaml b/pkg/istioversion/versions.yaml index 2e2ea2cb0..f57860118 100644 --- a/pkg/istioversion/versions.yaml +++ b/pkg/istioversion/versions.yaml @@ -58,7 +58,17 @@ versions: - https://istio-release.storage.googleapis.com/charts/cni-1.28.0.tgz - https://istio-release.storage.googleapis.com/charts/ztunnel-1.28.0.tgz - name: v1.27-latest - ref: v1.27.5 + ref: v1.27.6 + - name: v1.27.6 + version: 1.27.6 + repo: https://github.com/istio/istio + commit: 1.27.6 + charts: + - https://istio-release.storage.googleapis.com/charts/base-1.27.6.tgz + - https://istio-release.storage.googleapis.com/charts/istiod-1.27.6.tgz + - https://istio-release.storage.googleapis.com/charts/gateway-1.27.6.tgz + - https://istio-release.storage.googleapis.com/charts/cni-1.27.6.tgz + - https://istio-release.storage.googleapis.com/charts/ztunnel-1.27.6.tgz - name: v1.27.5 version: 1.27.5 repo: https://github.com/istio/istio @@ -197,15 +207,15 @@ versions: - name: v1.21.6 eol: true - name: master - ref: v1.30-alpha.0a346609 - - name: v1.30-alpha.0a346609 - version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + ref: v1.30-alpha.9e476e6b + - name: v1.30-alpha.9e476e6b + version: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b repo: https://github.com/istio/istio branch: master - commit: 0a3466091a333998e160a8aa3400a3aa65d4cb7a + commit: 9e476e6b77314411c8b45a2b97a546fbb99ddc8b charts: - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz - - https://storage.googleapis.com/istio-build/dev/1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a/helm/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b/helm/base-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b/helm/cni-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b/helm/gateway-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b/helm/istiod-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz + - https://storage.googleapis.com/istio-build/dev/1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b/helm/ztunnel-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz diff --git a/resources/v1.27.6/base-1.27.6.tgz.etag b/resources/v1.27.6/base-1.27.6.tgz.etag new file mode 100644 index 000000000..1c0dab2d5 --- /dev/null +++ b/resources/v1.27.6/base-1.27.6.tgz.etag @@ -0,0 +1 @@ +419e493293c56dc96204907406c5c88a diff --git a/resources/v1.30-alpha.0a346609/charts/base/Chart.yaml b/resources/v1.27.6/charts/base/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.0a346609/charts/base/Chart.yaml rename to resources/v1.27.6/charts/base/Chart.yaml index 0677dec25..deab057d6 100644 --- a/resources/v1.30-alpha.0a346609/charts/base/Chart.yaml +++ b/resources/v1.27.6/charts/base/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +appVersion: 1.27.6 description: Helm chart for deploying Istio cluster resources and CRDs icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -7,4 +7,4 @@ keywords: name: base sources: - https://github.com/istio/istio -version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +version: 1.27.6 diff --git a/resources/v1.30-alpha.0a346609/charts/base/README.md b/resources/v1.27.6/charts/base/README.md similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/README.md rename to resources/v1.27.6/charts/base/README.md diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-ambient.yaml b/resources/v1.27.6/charts/base/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-ambient.yaml rename to resources/v1.27.6/charts/base/files/profile-ambient.yaml diff --git a/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 000000000..4f3dbef7e --- /dev/null +++ b/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..b2f45948c --- /dev/null +++ b/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..af1069732 --- /dev/null +++ b/resources/v1.27.6/charts/base/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-demo.yaml b/resources/v1.27.6/charts/base/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-demo.yaml rename to resources/v1.27.6/charts/base/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-gke.yaml b/resources/v1.27.6/charts/base/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-gke.yaml rename to resources/v1.27.6/charts/base/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3d.yaml b/resources/v1.27.6/charts/base/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3d.yaml rename to resources/v1.27.6/charts/base/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3s.yaml b/resources/v1.27.6/charts/base/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-k3s.yaml rename to resources/v1.27.6/charts/base/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.27.6/charts/base/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-microk8s.yaml rename to resources/v1.27.6/charts/base/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-minikube.yaml b/resources/v1.27.6/charts/base/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-minikube.yaml rename to resources/v1.27.6/charts/base/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-openshift.yaml b/resources/v1.27.6/charts/base/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-platform-openshift.yaml rename to resources/v1.27.6/charts/base/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-preview.yaml b/resources/v1.27.6/charts/base/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-preview.yaml rename to resources/v1.27.6/charts/base/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-remote.yaml b/resources/v1.27.6/charts/base/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-remote.yaml rename to resources/v1.27.6/charts/base/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-stable.yaml b/resources/v1.27.6/charts/base/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-stable.yaml rename to resources/v1.27.6/charts/base/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/templates/NOTES.txt b/resources/v1.27.6/charts/base/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/templates/NOTES.txt rename to resources/v1.27.6/charts/base/templates/NOTES.txt diff --git a/resources/v1.27.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.27.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml new file mode 100644 index 000000000..2616b09c9 --- /dev/null +++ b/resources/v1.27.6/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml @@ -0,0 +1,53 @@ +{{- if and .Values.experimental.stableValidationPolicy (not (eq .Values.defaultRevision "")) }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-default-policy.istio.io" + labels: + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-default-policy-binding.istio.io" +spec: + policyName: "stable-channel-default-policy.istio.io" + validationActions: [Deny] +{{- end }} diff --git a/resources/v1.27.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.27.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..8cb76fd77 --- /dev/null +++ b/resources/v1.27.6/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml @@ -0,0 +1,56 @@ +{{- if not (eq .Values.defaultRevision "") }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istiod-default-validator + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.defaultRevision | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + - name: validation.istio.io + clientConfig: + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + {{- if (eq .Values.defaultRevision "default") }} + name: istiod + {{- else }} + name: istiod-{{ .Values.defaultRevision }} + {{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] +{{- end }} diff --git a/resources/v1.27.6/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.27.6/charts/base/templates/reader-serviceaccount.yaml new file mode 100644 index 000000000..ba829a6bf --- /dev/null +++ b/resources/v1.27.6/charts/base/templates/reader-serviceaccount.yaml @@ -0,0 +1,20 @@ +# This singleton service account aggregates reader permissions for the revisions in a given cluster +# ATM this is a singleton per cluster with Istio installed, and is not revisioned. It maybe should be, +# as otherwise compromising the token for this SA would give you access to *every* installed revision. +# Should be used for remote secret creation. +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.30-alpha.0a346609/charts/base/templates/zzz_profile.yaml b/resources/v1.27.6/charts/base/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/templates/zzz_profile.yaml rename to resources/v1.27.6/charts/base/templates/zzz_profile.yaml diff --git a/resources/v1.27.6/charts/base/values.yaml b/resources/v1.27.6/charts/base/values.yaml new file mode 100644 index 000000000..d18296f00 --- /dev/null +++ b/resources/v1.27.6/charts/base/values.yaml @@ -0,0 +1,37 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + global: + + # ImagePullSecrets for control plane ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + + # Used to locate istiod. + istioNamespace: istio-system + base: + # A list of CRDs to exclude. Requires `enableCRDTemplates` to be true. + # Example: `excludedCRDs: ["envoyfilters.networking.istio.io"]`. + # Note: when installing with `istioctl`, `enableIstioConfigCRDs=false` must also be set. + excludedCRDs: [] + # Helm (as of V3) does not support upgrading CRDs, because it is not universally + # safe for them to support this. + # Istio as a project enforces certain backwards-compat guarantees that allow us + # to safely upgrade CRDs in spite of this, so we default to self-managing CRDs + # as standard K8S resources in Helm, and disable Helm's CRD management. See also: + # https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts + enableCRDTemplates: true + + # Validation webhook configuration url + # For example: https://$remotePilotAddress:15017/validate + validationURL: "" + # Validation webhook caBundle value. Useful when running pilot with a well known cert + validationCABundle: "" + + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + defaultRevision: "default" + experimental: + stableValidationPolicy: false diff --git a/resources/v1.30-alpha.0a346609/charts/cni/Chart.yaml b/resources/v1.27.6/charts/cni/Chart.yaml similarity index 62% rename from resources/v1.30-alpha.0a346609/charts/cni/Chart.yaml rename to resources/v1.27.6/charts/cni/Chart.yaml index aaa1dfe04..82e055472 100644 --- a/resources/v1.30-alpha.0a346609/charts/cni/Chart.yaml +++ b/resources/v1.27.6/charts/cni/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +appVersion: 1.27.6 description: Helm chart for istio-cni components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: cni sources: - https://github.com/istio/istio -version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +version: 1.27.6 diff --git a/resources/v1.27.6/charts/cni/README.md b/resources/v1.27.6/charts/cni/README.md new file mode 100644 index 000000000..a8b78d5bd --- /dev/null +++ b/resources/v1.27.6/charts/cni/README.md @@ -0,0 +1,65 @@ +# Istio CNI Helm Chart + +This chart installs the Istio CNI Plugin. See the [CNI installation guide](https://istio.io/latest/docs/setup/additional-setup/cni/) +for more information. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-cni`: + +```console +helm install istio-cni istio/cni -n kube-system +``` + +Installation in `kube-system` is recommended to ensure the [`system-node-critical`](https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/) +`priorityClassName` can be used. You can install in other namespace only on K8S clusters that allow +'system-node-critical' outside of kube-system. + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/istio-cni +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Ambient + +To enable ambient, you can use the ambient profile: `--set profile=ambient`. + +#### Calico + +For Calico, you must also modify the settings to allow source spoofing: + +- if deployed by operator, `kubectl patch felixconfigurations default --type='json' -p='[{"op": "add", "path": "/spec/workloadSourceSpoofing", "value": "Any"}]'` +- if deployed by manifest, add env `FELIX_WORKLOADSOURCESPOOFING` with value `Any` in `spec.template.spec.containers.env` for daemonset `calico-node`. (This will allow PODs with specified annotation to skip the rpf check. ) + +### GKE notes + +On GKE, 'kube-system' is required. + +If using `helm template`, `--set cni.cniBinDir=/home/kubernetes/bin` is required - with `helm install` +it is auto-detected. diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-ambient.yaml b/resources/v1.27.6/charts/cni/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-ambient.yaml rename to resources/v1.27.6/charts/cni/files/profile-ambient.yaml diff --git a/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 000000000..4f3dbef7e --- /dev/null +++ b/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..b2f45948c --- /dev/null +++ b/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..af1069732 --- /dev/null +++ b/resources/v1.27.6/charts/cni/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-demo.yaml b/resources/v1.27.6/charts/cni/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-demo.yaml rename to resources/v1.27.6/charts/cni/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-gke.yaml b/resources/v1.27.6/charts/cni/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-gke.yaml rename to resources/v1.27.6/charts/cni/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.27.6/charts/cni/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3d.yaml rename to resources/v1.27.6/charts/cni/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.27.6/charts/cni/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-k3s.yaml rename to resources/v1.27.6/charts/cni/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.27.6/charts/cni/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-microk8s.yaml rename to resources/v1.27.6/charts/cni/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.27.6/charts/cni/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-minikube.yaml rename to resources/v1.27.6/charts/cni/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.27.6/charts/cni/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-platform-openshift.yaml rename to resources/v1.27.6/charts/cni/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-preview.yaml b/resources/v1.27.6/charts/cni/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-preview.yaml rename to resources/v1.27.6/charts/cni/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-remote.yaml b/resources/v1.27.6/charts/cni/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-remote.yaml rename to resources/v1.27.6/charts/cni/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-stable.yaml b/resources/v1.27.6/charts/cni/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-stable.yaml rename to resources/v1.27.6/charts/cni/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/NOTES.txt b/resources/v1.27.6/charts/cni/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/NOTES.txt rename to resources/v1.27.6/charts/cni/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/_helpers.tpl b/resources/v1.27.6/charts/cni/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/_helpers.tpl rename to resources/v1.27.6/charts/cni/templates/_helpers.tpl diff --git a/resources/v1.27.6/charts/cni/templates/clusterrole.yaml b/resources/v1.27.6/charts/cni/templates/clusterrole.yaml new file mode 100644 index 000000000..1779e0bb1 --- /dev/null +++ b/resources/v1.27.6/charts/cni/templates/clusterrole.yaml @@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +- apiGroups: [""] + resources: ["pods","nodes","namespaces"] + verbs: ["get", "list", "watch"] +{{- if (eq ((coalesce .Values.platform .Values.global.platform) | default "") "openshift") }} +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +{{- end }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-repair-role + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["watch", "get", "list"] +{{- if .Values.repair.repairPods }} +{{- /* No privileges needed*/}} +{{- else if .Values.repair.deletePods }} + - apiGroups: [""] + resources: ["pods"] + verbs: ["delete"] +{{- else if .Values.repair.labelPods }} + - apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +{{- end }} +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-ambient + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + {{- /* pods/status is less privileged than the full pod, and either can label. So use the lower pods/status */}} + resources: ["pods/status"] + verbs: ["patch", "update"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + resourceNames: ["{{ template "name" . }}-node"] + verbs: ["get"] +{{- end }} diff --git a/resources/v1.27.6/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.27.6/charts/cni/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..42fedab1f --- /dev/null +++ b/resources/v1.27.6/charts/cni/templates/clusterrolebinding.yaml @@ -0,0 +1,63 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} +--- +{{- if .Values.repair.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-repair-rolebinding + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-repair-role +{{- end }} +--- +{{- if .Values.ambient.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-ambient + labels: + k8s-app: {{ template "name" . }}-repair + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ template "name" . }} + namespace: {{ .Release.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-ambient +{{- end }} diff --git a/resources/v1.27.6/charts/cni/templates/configmap-cni.yaml b/resources/v1.27.6/charts/cni/templates/configmap-cni.yaml new file mode 100644 index 000000000..6f6ef329a --- /dev/null +++ b/resources/v1.27.6/charts/cni/templates/configmap-cni.yaml @@ -0,0 +1,41 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "name" . }}-config + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +data: + CURRENT_AGENT_VERSION: {{ .Values.tag | default .Values.global.tag | quote }} + AMBIENT_ENABLED: {{ .Values.ambient.enabled | quote }} + AMBIENT_ENABLEMENT_SELECTOR: {{ .Values.ambient.enablementSelectors | toYaml | quote }} + AMBIENT_DNS_CAPTURE: {{ .Values.ambient.dnsCapture | quote }} + AMBIENT_IPV6: {{ .Values.ambient.ipv6 | quote }} + AMBIENT_RECONCILE_POD_RULES_ON_STARTUP: {{ .Values.ambient.reconcileIptablesOnStartup | quote }} + {{- if .Values.cniConfFileName }} # K8S < 1.24 doesn't like empty values + CNI_CONF_NAME: {{ .Values.cniConfFileName }} # Name of the CNI config file to create. Only override if you know the exact path your CNI requires.. + {{- end }} + ISTIO_OWNED_CNI_CONFIG: {{ .Values.istioOwnedCNIConfig | quote }} + {{- if .Values.istioOwnedCNIConfig }} + ISTIO_OWNED_CNI_CONF_FILENAME: {{ .Values.istioOwnedCNIConfigFileName | quote }} + {{- end }} + CHAINED_CNI_PLUGIN: {{ .Values.chained | quote }} + EXCLUDE_NAMESPACES: "{{ range $idx, $ns := .Values.excludeNamespaces }}{{ if $idx }},{{ end }}{{ $ns }}{{ end }}" + REPAIR_ENABLED: {{ .Values.repair.enabled | quote }} + REPAIR_LABEL_PODS: {{ .Values.repair.labelPods | quote }} + REPAIR_DELETE_PODS: {{ .Values.repair.deletePods | quote }} + REPAIR_REPAIR_PODS: {{ .Values.repair.repairPods | quote }} + REPAIR_INIT_CONTAINER_NAME: {{ .Values.repair.initContainerName | quote }} + REPAIR_BROKEN_POD_LABEL_KEY: {{ .Values.repair.brokenPodLabelKey | quote }} + REPAIR_BROKEN_POD_LABEL_VALUE: {{ .Values.repair.brokenPodLabelValue | quote }} + NATIVE_NFTABLES: {{ .Values.global.nativeNftables | quote }} + {{- with .Values.env }} + {{- range $key, $val := . }} + {{ $key }}: "{{ $val }}" + {{- end }} + {{- end }} diff --git a/resources/v1.27.6/charts/cni/templates/daemonset.yaml b/resources/v1.27.6/charts/cni/templates/daemonset.yaml new file mode 100644 index 000000000..896de3d03 --- /dev/null +++ b/resources/v1.27.6/charts/cni/templates/daemonset.yaml @@ -0,0 +1,248 @@ +# This manifest installs the Istio install-cni container, as well +# as the Istio CNI plugin and config on +# each master and worker node in a Kubernetes cluster. +# +# $detectedBinDir exists to support a GKE-specific platform override, +# and is deprecated in favor of using the explicit `gke` platform profile. +{{- $detectedBinDir := (.Capabilities.KubeVersion.GitVersion | contains "-gke") | ternary + "/home/kubernetes/bin" + "/opt/cni/bin" +}} +{{- if .Values.cniBinDir }} +{{ $detectedBinDir = .Values.cniBinDir }} +{{- end }} +kind: DaemonSet +apiVersion: apps/v1 +metadata: + # Note that this is templated but evaluates to a fixed name + # which the CNI plugin may fall back onto in some failsafe scenarios. + # if this name is changed, CNI plugin logic that checks for this name + # format should also be updated. + name: {{ template "name" . }}-node + namespace: {{ .Release.Namespace }} + labels: + k8s-app: {{ template "name" . }}-node + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + k8s-app: {{ template "name" . }}-node + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + template: + metadata: + labels: + k8s-app: {{ template "name" . }}-node + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 8 }} + annotations: + sidecar.istio.io/inject: "false" + # Add Prometheus Scrape annotations + prometheus.io/scrape: 'true' + prometheus.io/port: "15014" + prometheus.io/path: '/metrics' + # Add AppArmor annotation + # This is required to avoid conflicts with AppArmor profiles which block certain + # privileged pod capabilities. + # Required for Kubernetes 1.29 which does not support setting appArmorProfile in the + # securityContext which is otherwise preferred. + container.apparmor.security.beta.kubernetes.io/install-cni: unconfined + # Custom annotations + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +{{- end }} + nodeSelector: + kubernetes.io/os: linux + # Can be configured to allow for excluding istio-cni from being scheduled on specified nodes + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + serviceAccountName: {{ template "name" . }} + # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force + # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. + terminationGracePeriodSeconds: 5 + containers: + # This container installs the Istio CNI binaries + # and CNI network config file on each node. + - name: install-cni +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "install-cni" }}:{{ template "istio-tag" . }}" +{{- end }} +{{- if or .Values.pullPolicy .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.imagePullPolicy }} +{{- end }} + ports: + - containerPort: 15014 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8000 + securityContext: + privileged: false + runAsGroup: 0 + runAsUser: 0 + runAsNonRoot: false + # Both ambient and sidecar repair mode require elevated node privileges to function. + # But we don't need _everything_ in `privileged`, so explicitly set it to false and + # add capabilities based on feature. + capabilities: + drop: + - ALL + add: + # CAP_NET_ADMIN is required to allow ipset and route table access + - NET_ADMIN + # CAP_NET_RAW is required to allow iptables mutation of the `nat` table + - NET_RAW + # CAP_SYS_PTRACE is required for repair and ambient mode to describe + # the pod's network namespace. + - SYS_PTRACE + # CAP_SYS_ADMIN is required for both ambient and repair, in order to open + # network namespaces in `/proc` to obtain descriptors for entering pod network + # namespaces. There does not appear to be a more granular capability for this. + - SYS_ADMIN + # While we run as a 'root' (UID/GID 0), since we drop all capabilities we lose + # the typical ability to read/write to folders owned by others. + # This can cause problems if the hostPath mounts we use, which we require write access into, + # are owned by non-root. DAC_OVERRIDE bypasses these and gives us write access into any folder. + - DAC_OVERRIDE +{{- if .Values.seLinuxOptions }} +{{ with (merge .Values.seLinuxOptions (dict "type" "spc_t")) }} + seLinuxOptions: +{{ toYaml . | trim | indent 14 }} +{{- end }} +{{- end }} +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + command: ["install-cni"] + args: + {{- if or .Values.logging.level .Values.global.logging.level }} + - --log_output_level={{ coalesce .Values.logging.level .Values.global.logging.level }} + {{- end}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end}} + envFrom: + - configMapRef: + name: {{ template "name" . }}-config + env: + - name: REPAIR_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: REPAIR_RUN_AS_DAEMON + value: "true" + - name: REPAIR_SIDECAR_ANNOTATION + value: "sidecar.istio.io/status" + {{- if not (and .Values.ambient.enabled .Values.ambient.shareHostNetworkNamespace) }} + - name: ALLOW_SWITCH_TO_HOST_NS + value: "true" + {{- end }} + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: '1' + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: '1' + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - mountPath: /host/proc + name: cni-host-procfs + readOnly: true + {{- end }} + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + - mountPath: /var/run/istio-cni + name: cni-socket-dir + {{- if .Values.ambient.enabled }} + - mountPath: /host/var/run/netns + mountPropagation: HostToContainer + name: cni-netns-dir + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + {{ end }} + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + volumes: + # Used to install CNI. + - name: cni-bin-dir + hostPath: + path: {{ $detectedBinDir }} + {{- if or .Values.repair.repairPods .Values.ambient.enabled }} + - name: cni-host-procfs + hostPath: + path: /proc + type: Directory + {{- end }} + {{- if .Values.ambient.enabled }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate + {{- end }} + - name: cni-net-dir + hostPath: + path: {{ .Values.cniConfDir }} + # Used for UDS sockets for logging, ambient eventing + - name: cni-socket-dir + hostPath: + path: /var/run/istio-cni + - name: cni-netns-dir + hostPath: + path: {{ .Values.cniNetnsDir }} + type: DirectoryOrCreate # DirectoryOrCreate instead of Directory for the following reason - CNI may not bind mount this until a non-hostnetwork pod is scheduled on the node, + # and we don't want to block CNI agent pod creation on waiting for the first non-hostnetwork pod. + # Once the CNI does mount this, it will get populated and we're good. diff --git a/resources/v1.27.6/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.27.6/charts/cni/templates/network-attachment-definition.yaml new file mode 100644 index 000000000..86a2eb7c0 --- /dev/null +++ b/resources/v1.27.6/charts/cni/templates/network-attachment-definition.yaml @@ -0,0 +1,11 @@ +{{- if eq .Values.provider "multus" }} +apiVersion: k8s.cni.cncf.io/v1 +kind: NetworkAttachmentDefinition +metadata: + name: {{ template "name" . }} + namespace: default + labels: + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +{{- end }} diff --git a/resources/v1.27.6/charts/cni/templates/resourcequota.yaml b/resources/v1.27.6/charts/cni/templates/resourcequota.yaml new file mode 100644 index 000000000..9a6d61ff9 --- /dev/null +++ b/resources/v1.27.6/charts/cni/templates/resourcequota.yaml @@ -0,0 +1,19 @@ +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ template "name" . }}-resource-quota + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} diff --git a/resources/v1.27.6/charts/cni/templates/serviceaccount.yaml b/resources/v1.27.6/charts/cni/templates/serviceaccount.yaml new file mode 100644 index 000000000..3193d7b74 --- /dev/null +++ b/resources/v1.27.6/charts/cni/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ServiceAccount +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +metadata: + name: {{ template "name" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "name" . }} + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" }} + operator.istio.io/component: "Cni" + app.kubernetes.io/name: {{ template "name" . }} + {{- include "istio.labels" . | nindent 4 }} diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.27.6/charts/cni/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/zzy_descope_legacy.yaml rename to resources/v1.27.6/charts/cni/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/zzz_profile.yaml b/resources/v1.27.6/charts/cni/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/zzz_profile.yaml rename to resources/v1.27.6/charts/cni/templates/zzz_profile.yaml diff --git a/resources/v1.27.6/charts/cni/values.yaml b/resources/v1.27.6/charts/cni/values.yaml new file mode 100644 index 000000000..a19463083 --- /dev/null +++ b/resources/v1.27.6/charts/cni/values.yaml @@ -0,0 +1,178 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + hub: "" + tag: "" + variant: "" + image: install-cni + pullPolicy: "" + + # Same as `global.logging.level`, but will override it if set + logging: + level: "" + + # Configuration file to insert istio-cni plugin configuration + # by default this will be the first file found in the cni-conf-dir + # Example + # cniConfFileName: 10-calico.conflist + + # CNI-and-platform specific path defaults. + # These may need to be set to platform-specific values, consult + # overrides for your platform in `manifests/helm-profiles/platform-*.yaml` + cniBinDir: /opt/cni/bin + cniConfDir: /etc/cni/net.d + cniConfFileName: "" + cniNetnsDir: "/var/run/netns" + + # If Istio owned CNI config is enabled, defaults to 02-istio-cni.conflist + istioOwnedCNIConfigFileName: "" + istioOwnedCNIConfig: false + + excludeNamespaces: + - kube-system + + # Allows user to set custom affinity for the DaemonSet + affinity: {} + + # Custom annotations on pod level, if you need them + podAnnotations: {} + + # Deploy the config files as plugin chain (value "true") or as standalone files in the conf dir (value "false")? + # Some k8s flavors (e.g. OpenShift) do not support the chain approach, set to false if this is the case + chained: true + + # Custom configuration happens based on the CNI provider. + # Possible values: "default", "multus" + provider: "default" + + # Configure ambient settings + ambient: + # If enabled, ambient redirection will be enabled + enabled: false + # If ambient is enabled, this selector will be used to identify the ambient-enabled pods + enablementSelectors: + - podSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + - podSelector: + matchExpressions: + - { key: istio.io/dataplane-mode, operator: NotIn, values: [none] } + namespaceSelector: + matchLabels: {istio.io/dataplane-mode: ambient} + # Set ambient config dir path: defaults to /etc/ambient-config + configDir: "" + # If enabled, and ambient is enabled, DNS redirection will be enabled + dnsCapture: true + # If enabled, and ambient is enabled, enables ipv6 support + ipv6: true + # If enabled, and ambient is enabled, the CNI agent will reconcile incompatible iptables rules and chains at startup. + # This will eventually be enabled by default + reconcileIptablesOnStartup: false + # If enabled, and ambient is enabled, the CNI agent will always share the network namespace of the host node it is running on + shareHostNetworkNamespace: false + + + repair: + enabled: true + hub: "" + tag: "" + + # Repair controller has 3 modes. Pick which one meets your use cases. Note only one may be used. + # This defines the action the controller will take when a pod is detected as broken. + + # labelPods will label all pods with =. + # This is only capable of identifying broken pods; the user is responsible for fixing them (generally, by deleting them). + # Note this gives the DaemonSet a relatively high privilege, as modifying pod metadata/status can have wider impacts. + labelPods: false + # deletePods will delete any broken pod. These will then be rescheduled, hopefully onto a node that is fully ready. + # Note this gives the DaemonSet a relatively high privilege, as it can delete any Pod. + deletePods: false + # repairPods will dynamically repair any broken pod by setting up the pod networking configuration even after it has started. + # Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. + # This requires no RBAC privilege, but does require `securityContext.privileged/CAP_SYS_ADMIN`. + repairPods: true + + initContainerName: "istio-validation" + + brokenPodLabelKey: "cni.istio.io/uninitialized" + brokenPodLabelValue: "true" + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # SELinux options to set in the istio-cni-node pods. You may need to set this to `type: spc_t` for some platforms. + seLinuxOptions: {} + + resources: + requests: + cpu: 100m + memory: 100Mi + + resourceQuotas: + enabled: false + pods: 5000 + + tolerations: + # Make sure istio-cni-node gets scheduled on all nodes. + - effect: NoSchedule + operator: Exists + # Mark the pod as a critical add-on for rescheduling. + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # For Helm compatibility. + ownerName: "" + + global: + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + + # Default tag for Istio images. + tag: 1.27.6 + + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # change cni scope level to control logging out of istio-cni-node DaemonSet + logging: + level: info + + logAsJson: false + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Default resources allocated + defaultResources: + requests: + cpu: 100m + memory: 100Mi + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # A `key: value` mapping of environment variables to add to the pod + env: {} diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/Chart.yaml b/resources/v1.27.6/charts/gateway/Chart.yaml similarity index 64% rename from resources/v1.30-alpha.0a346609/charts/gateway/Chart.yaml rename to resources/v1.27.6/charts/gateway/Chart.yaml index adfe22b1d..a2327378e 100644 --- a/resources/v1.30-alpha.0a346609/charts/gateway/Chart.yaml +++ b/resources/v1.27.6/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +appVersion: 1.27.6 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - https://github.com/istio/istio type: application -version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +version: 1.27.6 diff --git a/resources/v1.27.6/charts/gateway/README.md b/resources/v1.27.6/charts/gateway/README.md new file mode 100644 index 000000000..5c064d165 --- /dev/null +++ b/resources/v1.27.6/charts/gateway/README.md @@ -0,0 +1,170 @@ +# Istio Gateway Helm Chart + +This chart installs an Istio gateway deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-ingressgateway`: + +```console +helm install istio-ingressgateway istio/gateway +``` + +## Uninstalling the Chart + +To uninstall/delete the `istio-ingressgateway` deployment: + +```console +helm delete istio-ingressgateway +``` + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/gateway +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### OpenShift + +When deploying the gateway in an OpenShift cluster, use the `openshift` profile to override the default values, for example: + +```console +helm install istio-ingressgateway istio/gateway --set profile=openshift +``` + +### `image: auto` Information + +The image used by the chart, `auto`, may be unintuitive. +This exists because the pod spec will be automatically populated at runtime, using the same mechanism as [Sidecar Injection](istio.io/latest/docs/setup/additional-setup/sidecar-injection). +This allows the same configurations and lifecycle to apply to gateways as sidecars. + +Note: this does mean that the namespace the gateway is deployed in must not have the `istio-injection=disabled` label. +See [Controlling the injection policy](https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy) for more info. + +### Examples + +#### Egress Gateway + +Deploying a Gateway to be used as an [Egress Gateway](https://istio.io/latest/docs/tasks/traffic-management/egress/egress-gateway/): + +```yaml +service: + # Egress gateways do not need an external LoadBalancer IP + type: ClusterIP +``` + +#### Multi-network/VM Gateway + +Deploying a Gateway to be used as a [Multi-network Gateway](https://istio.io/latest/docs/setup/install/multicluster/) for network `network-1`: + +```yaml +networkGateway: network-1 +``` + +### Migrating from other installation methods + +Installations from other installation methods (such as istioctl, Istio Operator, other helm charts, etc) can be migrated to use the new Helm charts +following the guidance below. +If you are able to, a clean installation is simpler. However, this often requires an external IP migration which can be challenging. + +WARNING: when installing over an existing deployment, the two deployments will be merged together by Helm, which may lead to unexpected results. + +#### Legacy Gateway Helm charts + +Istio historically offered two different charts - `manifests/charts/gateways/istio-ingress` and `manifests/charts/gateways/istio-egress`. +These are replaced by this chart. +While not required, it is recommended all new users use this chart, and existing users migrate when possible. + +This chart has the following benefits and differences: +* Designed with Helm best practices in mind (standardized values options, values schema, values are not all nested under `gateways.istio-ingressgateway.*`, release name and namespace taken into account, etc). +* Utilizes Gateway injection, simplifying upgrades, allowing gateways to run in any namespace, and avoiding repeating config for sidecars and gateways. +* Published to official Istio Helm repository. +* Single chart for all gateways (Ingress, Egress, East West). + +#### General concerns + +For a smooth migration, the resource names and `Deployment.spec.selector` labels must match. + +If you install with `helm install istio-gateway istio/gateway`, resources will be named `istio-gateway` and the `selector` labels set to: + +```yaml +app: istio-gateway +istio: gateway # the release name with leading istio- prefix stripped +``` + +If your existing installation doesn't follow these names, you can override them. For example, if you have resources named `my-custom-gateway` with `selector` labels +`foo=bar,istio=ingressgateway`: + +```yaml +name: my-custom-gateway # Override the name to match existing resources +labels: + app: "" # Unset default app selector label + istio: ingressgateway # override default istio selector label + foo: bar # Add the existing custom selector label +``` + +#### Migrating an existing Helm release + +An existing helm release can be `helm upgrade`d to this chart by using the same release name. For example, if a previous +installation was done like: + +```console +helm install istio-ingress manifests/charts/gateways/istio-ingress -n istio-system +``` + +It could be upgraded with + +```console +helm upgrade istio-ingress manifests/charts/gateway -n istio-system --set name=istio-ingressgateway --set labels.app=istio-ingressgateway --set labels.istio=ingressgateway +``` + +Note the name and labels are overridden to match the names of the existing installation. + +Warning: the helm charts here default to using port 80 and 443, while the old charts used 8080 and 8443. +If you have AuthorizationPolicies that reference port these ports, you should update them during this process, +or customize the ports to match the old defaults. +See the [security advisory](https://istio.io/latest/news/security/istio-security-2021-002/) for more information. + +#### Other migrations + +If you see errors like `rendered manifests contain a resource that already exists` during installation, you may need to forcibly take ownership. + +The script below can handle this for you. Replace `RELEASE` and `NAMESPACE` with the name and namespace of the release: + +```console +KINDS=(service deployment) +RELEASE=istio-ingressgateway +NAMESPACE=istio-system +for KIND in "${KINDS[@]}"; do + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-name=$RELEASE + kubectl --namespace $NAMESPACE --overwrite=true annotate $KIND $RELEASE meta.helm.sh/release-namespace=$NAMESPACE + kubectl --namespace $NAMESPACE --overwrite=true label $KIND $RELEASE app.kubernetes.io/managed-by=Helm +done +``` + +You may ignore errors about resources not being found. diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-ambient.yaml b/resources/v1.27.6/charts/gateway/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-ambient.yaml rename to resources/v1.27.6/charts/gateway/files/profile-ambient.yaml diff --git a/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 000000000..4f3dbef7e --- /dev/null +++ b/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..b2f45948c --- /dev/null +++ b/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..af1069732 --- /dev/null +++ b/resources/v1.27.6/charts/gateway/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-demo.yaml b/resources/v1.27.6/charts/gateway/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-demo.yaml rename to resources/v1.27.6/charts/gateway/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.27.6/charts/gateway/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-gke.yaml rename to resources/v1.27.6/charts/gateway/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.27.6/charts/gateway/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3d.yaml rename to resources/v1.27.6/charts/gateway/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.27.6/charts/gateway/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-k3s.yaml rename to resources/v1.27.6/charts/gateway/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.27.6/charts/gateway/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-microk8s.yaml rename to resources/v1.27.6/charts/gateway/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.27.6/charts/gateway/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-minikube.yaml rename to resources/v1.27.6/charts/gateway/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.27.6/charts/gateway/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-platform-openshift.yaml rename to resources/v1.27.6/charts/gateway/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-preview.yaml b/resources/v1.27.6/charts/gateway/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-preview.yaml rename to resources/v1.27.6/charts/gateway/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-remote.yaml b/resources/v1.27.6/charts/gateway/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-remote.yaml rename to resources/v1.27.6/charts/gateway/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-stable.yaml b/resources/v1.27.6/charts/gateway/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-stable.yaml rename to resources/v1.27.6/charts/gateway/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/NOTES.txt b/resources/v1.27.6/charts/gateway/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/NOTES.txt rename to resources/v1.27.6/charts/gateway/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/_helpers.tpl b/resources/v1.27.6/charts/gateway/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/_helpers.tpl rename to resources/v1.27.6/charts/gateway/templates/_helpers.tpl diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/deployment.yaml b/resources/v1.27.6/charts/gateway/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/deployment.yaml rename to resources/v1.27.6/charts/gateway/templates/deployment.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/hpa.yaml b/resources/v1.27.6/charts/gateway/templates/hpa.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/hpa.yaml rename to resources/v1.27.6/charts/gateway/templates/hpa.yaml diff --git a/resources/v1.27.6/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.27.6/charts/gateway/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..b0155cdf0 --- /dev/null +++ b/resources/v1.27.6/charts/gateway/templates/poddisruptionbudget.yaml @@ -0,0 +1,18 @@ +{{- if .Values.podDisruptionBudget }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} +spec: + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + {{- with .Values.podDisruptionBudget }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/role.yaml b/resources/v1.27.6/charts/gateway/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/role.yaml rename to resources/v1.27.6/charts/gateway/templates/role.yaml diff --git a/resources/v1.27.6/charts/gateway/templates/service.yaml b/resources/v1.27.6/charts/gateway/templates/service.yaml new file mode 100644 index 000000000..e8e2cdb58 --- /dev/null +++ b/resources/v1.27.6/charts/gateway/templates/service.yaml @@ -0,0 +1,72 @@ +{{- if not (eq .Values.service.type "None") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + annotations: + {{- merge (deepCopy .Values.service.annotations) .Values.annotations | toYaml | nindent 4 }} +spec: +{{- with .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ . }}" +{{- end }} +{{- if eq .Values.service.type "LoadBalancer" }} + {{- if hasKey .Values.service "allocateLoadBalancerNodePorts" }} + allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }} + {{- end }} + {{- if hasKey .Values.service "loadBalancerClass" }} + loadBalancerClass: {{ .Values.service.loadBalancerClass }} + {{- end }} +{{- end }} +{{- if .Values.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }} +{{- end }} +{{- if .Values.service.ipFamilies }} + ipFamilies: +{{- range .Values.service.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +{{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: "{{ . }}" +{{- end }} + type: {{ .Values.service.type }} + ports: +{{- if .Values.networkGateway }} + - name: status-port + port: 15021 + targetPort: 15021 + - name: tls + port: 15443 + targetPort: 15443 + - name: tls-istiod + port: 15012 + targetPort: 15012 + - name: tls-webhook + port: 15017 + targetPort: 15017 +{{- else }} +{{ .Values.service.ports | toYaml | indent 4 }} +{{- end }} +{{- if .Values.service.externalIPs }} + externalIPs: {{- range .Values.service.externalIPs }} + - {{.}} + {{- end }} +{{- end }} + selector: + {{- include "gateway.selectorLabels" . | nindent 4 }} + {{- with .Values.service.selectorLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/serviceaccount.yaml b/resources/v1.27.6/charts/gateway/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/serviceaccount.yaml rename to resources/v1.27.6/charts/gateway/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/zzz_profile.yaml b/resources/v1.27.6/charts/gateway/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/zzz_profile.yaml rename to resources/v1.27.6/charts/gateway/templates/zzz_profile.yaml diff --git a/resources/v1.27.6/charts/gateway/values.schema.json b/resources/v1.27.6/charts/gateway/values.schema.json new file mode 100644 index 000000000..c28db4513 --- /dev/null +++ b/resources/v1.27.6/charts/gateway/values.schema.json @@ -0,0 +1,359 @@ +{ + "$schema": "http://json-schema.org/schema#", + "$defs": { + "values": { + "type": "object", + "additionalProperties": false, + "properties": { + "_internal_defaults_do_not_set": { + "type": "object" + }, + "global": { + "type": "object" + }, + "affinity": { + "type": "object" + }, + "securityContext": { + "type": [ + "object", + "null" + ] + }, + "containerSecurityContext": { + "type": [ + "object", + "null" + ] + }, + "kind": { + "type": "string", + "enum": [ + "Deployment", + "DaemonSet" + ] + }, + "annotations": { + "additionalProperties": { + "type": [ + "string", + "integer" + ] + }, + "type": "object" + }, + "autoscaling": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxReplicas": { + "type": "integer" + }, + "minReplicas": { + "type": "integer" + }, + "targetCPUUtilizationPercentage": { + "type": "integer" + } + } + }, + "env": { + "type": "object" + }, + "envVarFrom": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { "type": "string" }, + "valueFrom": { "type": "object" } + } + } + }, + "strategy": { + "type": "object" + }, + "minReadySeconds": { + "type": [ "null", "integer" ] + }, + "readinessProbe": { + "type": [ "null", "object" ] + }, + "labels": { + "type": "object" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + "type": "object", + "properties": { + "inject.istio.io/templates": { + "type": "string" + }, + "prometheus.io/path": { + "type": "string" + }, + "prometheus.io/port": { + "type": "string" + }, + "prometheus.io/scrape": { + "type": "string" + } + } + }, + "replicaCount": { + "type": [ + "integer", + "null" + ] + }, + "resources": { + "type": "object", + "properties": { + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": ["string", "null"] + }, + "memory": { + "type": ["string", "null"] + } + } + } + } + }, + "revision": { + "type": "string" + }, + "defaultRevision": { + "type": "string" + }, + "compatibilityVersion": { + "type": "string" + }, + "profile": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "pilot": { + "type": "object" + }, + "runAsRoot": { + "type": "boolean" + }, + "unprivilegedPort": { + "type": [ + "string", + "boolean" + ], + "enum": [ + true, + false, + "auto" + ] + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "selectorLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "externalTrafficPolicy": { + "type": "string" + }, + "loadBalancerIP": { + "type": "string" + }, + "loadBalancerSourceRanges": { + "type": "array" + }, + "ipFamilies": { + "items": { + "type": "string", + "enum": [ + "IPv4", + "IPv6" + ] + } + }, + "ipFamilyPolicy": { + "type": "string", + "enum": [ + "", + "SingleStack", + "PreferDualStack", + "RequireDualStack" + ] + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + }, + "type": { + "type": "string" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "name": { + "type": "string" + }, + "create": { + "type": "boolean" + } + } + }, + "rbac": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "networkGateway": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string", + "enum": [ + "", + "Always", + "IfNotPresent", + "Never" + ] + }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "minAvailable": { + "type": [ + "integer", + "string" + ] + }, + "maxUnavailable": { + "type": [ + "integer", + "string" + ] + }, + "unhealthyPodEvictionPolicy": { + "type": "string", + "enum": [ + "", + "IfHealthyBudget", + "AlwaysAllow" + ] + } + } + }, + "terminationGracePeriodSeconds": { + "type": "number" + }, + "volumes": { + "type": "array", + "items": { + "type": "object" + } + }, + "volumeMounts": { + "type": "array", + "items": { + "type": "object" + } + }, + "initContainers": { + "type": "array", + "items": { "type": "object" } + }, + "additionalContainers": { + "type": "array", + "items": { "type": "object" } + }, + "priorityClassName": { + "type": "string" + }, + "lifecycle": { + "type": "object", + "properties": { + "postStart": { + "type": "object" + }, + "preStop": { + "type": "object" + } + } + } + } + } + }, + "defaults": { + "$ref": "#/$defs/values" + }, + "$ref": "#/$defs/values" +} diff --git a/resources/v1.27.6/charts/gateway/values.yaml b/resources/v1.27.6/charts/gateway/values.yaml new file mode 100644 index 000000000..c5ac32ad2 --- /dev/null +++ b/resources/v1.27.6/charts/gateway/values.yaml @@ -0,0 +1,194 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Name allows overriding the release name. Generally this should not be set + name: "" + # revision declares which revision this gateway is a part of + revision: "" + + # Controls the spec.replicas setting for the Gateway deployment if set. + # Otherwise defaults to Kubernetes Deployment default (1). + replicaCount: + + kind: Deployment + + rbac: + # If enabled, roles will be created to enable accessing certificates from Gateways. This is not needed + # when using http://gateway-api.org/. + enabled: true + + serviceAccount: + # If set, a service account will be created. Otherwise, the default is used + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set, the release name is used + name: "" + + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + prometheus.io/path: "/stats/prometheus" + inject.istio.io/templates: "gateway" + sidecar.istio.io/inject: "true" + + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + containerSecurityContext: {} + + service: + # Type of service. Set to "None" to disable the service entirely + type: LoadBalancer + # Additional labels to add to the service selector + selectorLabels: {} + ports: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 + annotations: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + externalTrafficPolicy: "" + externalIPs: [] + ipFamilyPolicy: "" + ipFamilies: [] + ## Whether to automatically allocate NodePorts (only for LoadBalancers). + # allocateLoadBalancerNodePorts: false + ## Set LoadBalancer class (only for LoadBalancers). + # loadBalancerClass: "" + + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + autoscaling: + enabled: true + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: {} + autoscaleBehavior: {} + + # Pod environment variables + env: {} + + # Use envVarFrom to define full environment variable entries with complex sources, + # such as valueFrom.secretKeyRef, valueFrom.configMapKeyRef. Each item must include a `name` and `valueFrom`. + # + # Example: + # envVarFrom: + # - name: EXAMPLE_SECRET + # valueFrom: + # secretKeyRef: + # name: example-name + # key: example-key + envVarFrom: [] + + # Deployment Update strategy + strategy: {} + + # Sets the Deployment minReadySeconds value + minReadySeconds: + + # Optionally configure a custom readinessProbe. By default the control plane + # automatically injects the readinessProbe. If you wish to override that + # behavior, you may define your own readinessProbe here. + readinessProbe: {} + + # Labels to apply to all resources + labels: + # By default, don't enroll gateways into the ambient dataplane + "istio.io/dataplane-mode": none + + # Annotations to apply to all resources + annotations: {} + + nodeSelector: {} + + tolerations: [] + + topologySpreadConstraints: [] + + affinity: {} + + # If specified, the gateway will act as a network gateway for the given network. + networkGateway: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent + imagePullPolicy: "" + + imagePullSecrets: [] + + # This value is used to configure a Kubernetes PodDisruptionBudget for the gateway. + # + # By default, the `podDisruptionBudget` is disabled (set to `{}`), + # which means that no PodDisruptionBudget resource will be created. + # + # To enable the PodDisruptionBudget, configure it by specifying the + # `minAvailable` or `maxUnavailable`. For example, to set the + # minimum number of available replicas to 1, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # + # Or, to allow a maximum of 1 unavailable replica, you can set: + # + # podDisruptionBudget: + # maxUnavailable: 1 + # + # You can also specify the `unhealthyPodEvictionPolicy` field, and the valid values are `IfHealthyBudget` and `AlwaysAllow`. + # For example, to set the `unhealthyPodEvictionPolicy` to `AlwaysAllow`, you can update this value as follows: + # + # podDisruptionBudget: + # minAvailable: 1 + # unhealthyPodEvictionPolicy: AlwaysAllow + # + # To disable the PodDisruptionBudget, you can leave it as an empty object `{}`: + # + # podDisruptionBudget: {} + # + podDisruptionBudget: {} + + # Sets the per-pod terminationGracePeriodSeconds setting. + terminationGracePeriodSeconds: 30 + + # A list of `Volumes` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumes: [] + + # A list of `VolumeMounts` added into the Gateway Pods. See + # https://kubernetes.io/docs/concepts/storage/volumes/. + volumeMounts: [] + + # Inject initContainers into the Gateway Pods. + initContainers: [] + + # Inject additional containers into the Gateway Pods. + additionalContainers: [] + + # Configure this to a higher priority class in order to make sure your Istio gateway pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + # Configure the lifecycle hooks for the gateway. See + # https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/. + lifecycle: {} diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/Chart.yaml b/resources/v1.27.6/charts/istiod/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.0a346609/charts/istiod/Chart.yaml rename to resources/v1.27.6/charts/istiod/Chart.yaml index cc422b9aa..add31efd3 100644 --- a/resources/v1.30-alpha.0a346609/charts/istiod/Chart.yaml +++ b/resources/v1.27.6/charts/istiod/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +appVersion: 1.27.6 description: Helm chart for istio control plane icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ keywords: name: istiod sources: - https://github.com/istio/istio -version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +version: 1.27.6 diff --git a/resources/v1.27.6/charts/istiod/README.md b/resources/v1.27.6/charts/istiod/README.md new file mode 100644 index 000000000..ddbfbc8fe --- /dev/null +++ b/resources/v1.27.6/charts/istiod/README.md @@ -0,0 +1,73 @@ +# Istiod Helm Chart + +This chart installs an Istiod deployment. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +Before installing, ensure CRDs are installed in the cluster (from the `istio/base` chart). + +To install the chart with the release name `istiod`: + +```console +kubectl create namespace istio-system +helm install istiod istio/istiod --namespace istio-system +``` + +## Uninstalling the Chart + +To uninstall/delete the `istiod` deployment: + +```console +helm delete istiod --namespace istio-system +``` + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/istiod +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. + +### Examples + +#### Configuring mesh configuration settings + +Any [Mesh Config](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/) options can be configured like below: + +```yaml +meshConfig: + accessLogFile: /dev/stdout +``` + +#### Revisions + +Control plane revisions allow deploying multiple versions of the control plane in the same cluster. +This allows safe [canary upgrades](https://istio.io/latest/docs/setup/upgrade/canary/) + +```yaml +revision: my-revision-name +``` diff --git a/resources/v1.27.6/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.27.6/charts/istiod/files/gateway-injection-template.yaml new file mode 100644 index 000000000..bc15ee3c3 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/files/gateway-injection-template.yaml @@ -0,0 +1,274 @@ +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: + istio.io/rev: {{ .Revision | default "default" | quote }} + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}" + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}" + {{- end }} + {{- end }} +spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 4 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- end }} + securityContext: + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-agent.yaml b/resources/v1.27.6/charts/istiod/files/grpc-agent.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-agent.yaml rename to resources/v1.27.6/charts/istiod/files/grpc-agent.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-simple.yaml b/resources/v1.27.6/charts/istiod/files/grpc-simple.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/grpc-simple.yaml rename to resources/v1.27.6/charts/istiod/files/grpc-simple.yaml diff --git a/resources/v1.27.6/charts/istiod/files/injection-template.yaml b/resources/v1.27.6/charts/istiod/files/injection-template.yaml new file mode 100644 index 000000000..468e9ac4a --- /dev/null +++ b/resources/v1.27.6/charts/istiod/files/injection-template.yaml @@ -0,0 +1,541 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{ $tproxy := (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) }} +{{ $capNetBindService := (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) }} +{{ $nativeSidecar := ne (index .ObjectMeta.Annotations `sidecar.istio.io/nativeSidecar` | default (printf "%t" .NativeSidecars)) "false" }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} + {{- if eq (index .ProxyConfig.ProxyMetadata "ISTIO_META_ENABLE_HBONE") "true" }} + networking.istio.io/tunnel: {{ index .ObjectMeta.Labels `networking.istio.io/tunnel` | default "http" | quote }} + {{- end }} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | trunc 63 | trimSuffix "-" | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} +{{- if .Values.pilot.cni.enabled }} + {{- if eq .Values.pilot.cni.provider "multus" }} + k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `default/istio-cni` }}', + {{- end }} + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}", + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} + traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", + {{- end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}istio.io/reroute-virtual-interfaces: "{{.}}",{{ end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}traffic.sidecar.istio.io/excludeInterfaces: "{{.}}",{{ end }} +{{- end }} + } +spec: + {{- $holdProxy := and + (or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts) + (not $nativeSidecar) }} + {{- $noInitContainer := and + (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE`) + (not $nativeSidecar) }} + {{ if $noInitContainer }} + initContainers: [] + {{ else -}} + initContainers: + {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} + {{ if .Values.pilot.cni.enabled -}} + - name: istio-validation + {{ else -}} + - name: istio-init + {{ end -}} + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + args: + - istio-iptables + - "-p" + - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} + - "-z" + - {{ .MeshConfig.ProxyInboundListenPort | default "15006" | quote }} + - "-u" + - {{ if $tproxy }} "1337" {{ else }} {{ .ProxyUID | default "1337" | quote }} {{ end }} + - "-m" + - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + - "-i" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + - "-x" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + - "-b" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" + - "-d" + {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} + - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{- else }} + - "15090,15021" + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} + - "-q" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" + {{ end -}} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} + - "-o" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `istio.io/reroute-virtual-interfaces` }}" + {{ else if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces`) -}} + - "-c" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeInterfaces` }}" + {{ end -}} + - "--log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }}" + {{ if .Values.global.logAsJson -}} + - "--log_as_json" + {{ end -}} + {{ if .Values.pilot.cni.enabled -}} + - "--run-validation" + - "--skip-rule-apply" + {{ else if .Values.global.proxy_init.forceApplyIptables -}} + - "--force-apply" + {{ end -}} + {{ if .Values.global.nativeNftables -}} + - "--native-nftables" + {{ end -}} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{- if .ProxyConfig.ProxyMetadata }} + env: + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + resources: + {{ template "resources" . }} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + privileged: {{ .Values.global.proxy.privileged }} + capabilities: + {{- if not .Values.pilot.cni.enabled }} + add: + - NET_ADMIN + - NET_RAW + {{- end }} + drop: + - ALL + {{- if not .Values.pilot.cni.enabled }} + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{- else }} + readOnlyRootFilesystem: true + runAsGroup: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyGID | default "1337" }} {{ end }} + runAsUser: {{ if $tproxy }} 1337 {{ else }} {{ .ProxyUID | default "1337" }} {{ end }} + runAsNonRoot: true + {{- end }} + {{ end -}} + {{ end -}} + {{ if not $nativeSidecar }} + containers: + {{ end }} + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{ if $nativeSidecar }}restartPolicy: Always{{end}} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- else if $holdProxy }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + {{- else if $nativeSidecar }} + {{- /* preStop is called when the pod starts shutdown. Initialize drain. We will get SIGTERM once applications are torn down. */}} + lifecycle: + preStop: + exec: + command: + - pilot-agent + - request + - --debug-port={{(annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort)}} + - POST + - drain + {{- end }} + env: + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- if .CompliancePolicy }} + - name: COMPLIANCE_POLICY + value: "{{ .CompliancePolicy }}" + {{- end }} + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- with (index .ObjectMeta.Labels `service.istio.io/workload-name` | default .DeploymentMeta.Name) }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ . }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + {{ if .Values.global.proxy.startupProbe.enabled }} + startupProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: 0 + periodSeconds: 1 + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.startupProbe.failureThreshold }} + {{ end }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + securityContext: + {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} + allowPrivilegeEscalation: true + capabilities: + add: + - NET_ADMIN + drop: + - ALL + privileged: true + readOnlyRootFilesystem: true + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: false + runAsUser: 0 + {{- else }} + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + capabilities: + {{ if or $tproxy $capNetBindService -}} + add: + {{ if $tproxy -}} + - NET_ADMIN + {{- end }} + {{ if $capNetBindService -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} + drop: + - ALL + privileged: {{ .Values.global.proxy.privileged }} + readOnlyRootFilesystem: true + {{ if or $tproxy $capNetBindService -}} + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 1337 + {{- else -}} + runAsNonRoot: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + {{- end }} + {{- end }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/istio/crl + name: istio-ca-crl + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} + name: lightstep-certs + readOnly: true + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} + volumes: + - emptyDir: + name: workload-socket + - emptyDir: + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + - name: istio-ca-crl + configMap: + name: istio-ca-crl + optional: true + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - name: lightstep-certs + secret: + optional: true + secretName: lightstep.cacert + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.27.6/charts/istiod/files/kube-gateway.yaml b/resources/v1.27.6/charts/istiod/files/kube-gateway.yaml new file mode 100644 index 000000000..616fb42c7 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/files/kube-gateway.yaml @@ -0,0 +1,401 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": {{.Name}} + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" "istio.io-gateway-controller" + ) | nindent 8 }} + spec: + securityContext: + {{- if .Values.gateways.securityContext }} + {{- toYaml .Values.gateways.securityContext | nindent 8 }} + {{- else }} + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- if .Values.gateways.seccompProfile }} + seccompProfile: + {{- toYaml .Values.gateways.seccompProfile | nindent 10 }} + {{- end }} + {{- end }} + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{- if .Values.global.proxy.resources }} + resources: + {{- toYaml .Values.global.proxy.resources | nindent 10 }} + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + securityContext: + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsUser: {{ .ProxyUID | default "1337" }} + runAsGroup: {{ .ProxyGID | default "1337" }} + runAsNonRoot: true + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{- toYaml .Values.global.proxy.lifecycle | nindent 10 }} + {{- end }} + env: + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: "[]" + - name: ISTIO_META_APP_CONTAINERS + value: "" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName .ClusterID }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- with (valueOrDefault (index .InfrastructureLabels "topology.istio.io/network") .Values.global.network) }} + - name: ISTIO_META_NETWORK + value: {{.|quote}} + {{- end }} + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName|quote}} + - name: ISTIO_META_OWNER + value: "kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}}" + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- with (index .InfrastructureLabels "topology.istio.io/network") }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: {{.|quote}} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: credential-socket + mountPath: /var/run/secrets/credential-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: {} + name: credential-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq ((.Values.pilot).env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: {{.UID}} +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": {{.Name}} + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-ambient.yaml b/resources/v1.27.6/charts/istiod/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-ambient.yaml rename to resources/v1.27.6/charts/istiod/files/profile-ambient.yaml diff --git a/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 000000000..4f3dbef7e --- /dev/null +++ b/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..b2f45948c --- /dev/null +++ b/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..af1069732 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-demo.yaml b/resources/v1.27.6/charts/istiod/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-demo.yaml rename to resources/v1.27.6/charts/istiod/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.27.6/charts/istiod/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-gke.yaml rename to resources/v1.27.6/charts/istiod/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.27.6/charts/istiod/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3d.yaml rename to resources/v1.27.6/charts/istiod/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.27.6/charts/istiod/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-k3s.yaml rename to resources/v1.27.6/charts/istiod/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.27.6/charts/istiod/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-microk8s.yaml rename to resources/v1.27.6/charts/istiod/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.27.6/charts/istiod/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-minikube.yaml rename to resources/v1.27.6/charts/istiod/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.27.6/charts/istiod/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-platform-openshift.yaml rename to resources/v1.27.6/charts/istiod/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-preview.yaml b/resources/v1.27.6/charts/istiod/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-preview.yaml rename to resources/v1.27.6/charts/istiod/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-remote.yaml b/resources/v1.27.6/charts/istiod/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-remote.yaml rename to resources/v1.27.6/charts/istiod/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-stable.yaml b/resources/v1.27.6/charts/istiod/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-stable.yaml rename to resources/v1.27.6/charts/istiod/files/profile-stable.yaml diff --git a/resources/v1.27.6/charts/istiod/files/waypoint.yaml b/resources/v1.27.6/charts/istiod/files/waypoint.yaml new file mode 100644 index 000000000..3e6a2f5dc --- /dev/null +++ b/resources/v1.27.6/charts/istiod/files/waypoint.yaml @@ -0,0 +1,396 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{.ServiceAccount | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + {{- if ge .KubeVersion 128 }} + # Safe since 1.28: https://github.com/kubernetes/kubernetes/pull/117412 + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" + {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + selector: + matchLabels: + "{{.GatewayNameLabel}}": "{{.Name}}" + template: + metadata: + annotations: + {{- toJsonMap + (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") + (strdict "istio.io/rev" (.Revision | default "default")) + (strdict + "prometheus.io/path" "/stats/prometheus" + "prometheus.io/port" "15020" + "prometheus.io/scrape" "true" + ) | nindent 8 }} + labels: + {{- toJsonMap + (strdict + "sidecar.istio.io/inject" "false" + "istio.io/dataplane-mode" "none" + "service.istio.io/canonical-name" .DeploymentName + "service.istio.io/canonical-revision" "latest" + ) + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + "gateway.istio.io/managed" .ControllerLabel + ) | nindent 8}} + spec: + {{- if .Values.global.waypoint.affinity }} + affinity: + {{- toYaml .Values.global.waypoint.affinity | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml .Values.global.waypoint.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.nodeSelector }} + nodeSelector: + {{- toYaml .Values.global.waypoint.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.global.waypoint.tolerations }} + tolerations: + {{- toYaml .Values.global.waypoint.tolerations | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: 2 + serviceAccountName: {{.ServiceAccount | quote}} + containers: + - name: istio-proxy + ports: + - containerPort: 15020 + name: metrics + protocol: TCP + - containerPort: 15021 + name: status-port + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + args: + - proxy + - waypoint + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --serviceCluster + - {{.ServiceAccount}}.$(POD_NAMESPACE) + - --proxyLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel | quote}} + - --proxyComponentLogLevel + - {{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel | quote}} + - --log_output_level + - {{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level | quote}} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.outlierLogPath }} + - --outlierLogPath={{ .Values.global.proxy.outlierLogPath }} + {{- end}} + env: + - name: ISTIO_META_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: ISTIO_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + {{- if .ProxyConfig.ProxyMetadata }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + {{- $network := valueOrDefault (index .InfrastructureLabels `topology.istio.io/network`) .Values.global.network }} + {{- if $network }} + - name: ISTIO_META_NETWORK + value: "{{ $network }}" + {{- end }} + - name: ISTIO_META_INTERCEPTION_MODE + value: REDIRECT + - name: ISTIO_META_WORKLOAD_NAME + value: {{.DeploymentName}} + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/{{.Namespace}}/deployments/{{.DeploymentName}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if .Values.global.waypoint.resources }} + resources: + {{- toYaml .Values.global.waypoint.resources | nindent 10 }} + {{- end }} + startupProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 4 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 0 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + privileged: false + {{- if not (eq .Values.global.platform "openshift") }} + runAsGroup: 1337 + runAsUser: 1337 + {{- end }} + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.gateways.seccompProfile }} + seccompProfile: +{{- toYaml .Values.gateways.seccompProfile | nindent 12 }} +{{- end }} + volumeMounts: + - mountPath: /var/run/secrets/workload-spiffe-uds + name: workload-socket + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/lib/istio/data + name: istio-data + - mountPath: /etc/istio/proxy + name: istio-envoy + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /etc/istio/pod + name: istio-podinfo + volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: + medium: Memory + name: istio-envoy + - emptyDir: + medium: Memory + name: go-proxy-envoy + - emptyDir: {} + name: istio-data + - emptyDir: {} + name: go-proxy-data + - downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + - fieldRef: + fieldPath: metadata.annotations + path: annotations + name: istio-podinfo + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{ toJsonMap + (strdict "networking.istio.io/traffic-distribution" "PreferClose") + (omit .InfrastructureAnnotations + "kubectl.kubernetes.io/last-applied-configuration" + "gateway.istio.io/name-override" + "gateway.istio.io/service-account" + "gateway.istio.io/controller-version" + ) | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: "{{.Name}}" + uid: "{{.UID}}" +spec: + ipFamilyPolicy: PreferDualStack + ports: + {{- range $key, $val := .Ports }} + - name: {{ $val.Name | quote }} + port: {{ $val.Port }} + protocol: TCP + appProtocol: {{ $val.AppProtocol }} + {{- end }} + selector: + "{{.GatewayNameLabel}}": "{{.Name}}" + {{- if and (.Spec.Addresses) (eq .ServiceType "LoadBalancer") }} + loadBalancerIP: {{ (index .Spec.Addresses 0).Value | quote}} + {{- end }} + type: {{ .ServiceType | quote }} +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{.DeploymentName | quote}} + maxReplicas: 1 +--- +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{.DeploymentName | quote}} + namespace: {{.Namespace | quote}} + annotations: + {{- toJsonMap (omit .InfrastructureAnnotations "kubectl.kubernetes.io/last-applied-configuration" "gateway.istio.io/name-override" "gateway.istio.io/service-account" "gateway.istio.io/controller-version") | nindent 4 }} + labels: + {{- toJsonMap + .InfrastructureLabels + (strdict + "gateway.networking.k8s.io/gateway-name" .Name + ) | nindent 4 }} + ownerReferences: + - apiVersion: gateway.networking.k8s.io/v1beta1 + kind: Gateway + name: {{.Name}} + uid: "{{.UID}}" +spec: + selector: + matchLabels: + gateway.networking.k8s.io/gateway-name: {{.Name|quote}} + diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/NOTES.txt b/resources/v1.27.6/charts/istiod/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/NOTES.txt rename to resources/v1.27.6/charts/istiod/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/_helpers.tpl b/resources/v1.27.6/charts/istiod/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/_helpers.tpl rename to resources/v1.27.6/charts/istiod/templates/_helpers.tpl diff --git a/resources/v1.27.6/charts/istiod/templates/autoscale.yaml b/resources/v1.27.6/charts/istiod/templates/autoscale.yaml new file mode 100644 index 000000000..9b952ba85 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/autoscale.yaml @@ -0,0 +1,43 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if and .Values.autoscaleEnabled .Values.autoscaleMin .Values.autoscaleMax }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + maxReplicas: {{ .Values.autoscaleMax }} + minReplicas: {{ .Values.autoscaleMin }} + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.cpu.targetAverageUtilization }} + {{- if .Values.memory.targetAverageUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.memory.targetAverageUtilization }} + {{- end }} + {{- if .Values.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaleBehavior | nindent 4 }} + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/clusterrole.yaml b/resources/v1.27.6/charts/istiod/templates/clusterrole.yaml new file mode 100644 index 000000000..d9c86f43f --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/clusterrole.yaml @@ -0,0 +1,213 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + # sidecar injection controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + + # configuration validation webhook controller + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + + # istio configuration + # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) + # please proceed with caution + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["update", "patch"] + resources: + - authorizationpolicies/status + - destinationrules/status + - envoyfilters/status + - gateways/status + - peerauthentications/status + - proxyconfigs/status + - requestauthentications/status + - serviceentries/status + - sidecars/status + - telemetries/status + - virtualservices/status + - wasmplugins/status + - workloadentries/status + - workloadgroups/status +{{- end }} + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "workloadentries/status", "serviceentries/status" ] + - apiGroups: ["security.istio.io"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "authorizationpolicies/status" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services/status" ] + + # auto-detect installed CRD definitions + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + + # discovery and routing + - apiGroups: [""] + resources: ["pods", "nodes", "services", "namespaces", "endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + +{{- if .Values.taint.enabled }} + - apiGroups: [""] + resources: ["nodes"] + verbs: ["patch"] +{{- end }} + + # ingress controller +{{- if .Values.global.istiod.enableAnalysis }} + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions", "networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] +{{- end}} + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses", "ingressclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] + + # required for CA's namespace controller + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + + # Istiod and bootstrap. +{{- $omitCertProvidersForClusterRole := list "istiod" "custom" "none"}} +{{- if or .Values.env.EXTERNAL_CA (not (has .Values.global.pilotCertProvider $omitCertProvidersForClusterRole)) }} + - apiGroups: ["certificates.k8s.io"] + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] + - apiGroups: ["certificates.k8s.io"] + resources: + - "signers" + resourceNames: +{{- range .Values.global.certSigners }} + - {{ . | quote }} +{{- end }} + verbs: ["approve"] +{{- end}} +{{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + - apiGroups: ["certificates.k8s.io"] + resources: ["clustertrustbundles"] + verbs: ["update", "create", "delete", "list", "watch", "get"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["istio.io/istiod-ca"] + verbs: ["attest"] +{{- end }} + + # Used by Istiod to verify the JWT tokens + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + + # Used by Istiod to verify gateway SDS + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] + + # Use for Kubernetes Service APIs + - apiGroups: ["gateway.networking.k8s.io", "gateway.networking.x-k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list"] + - apiGroups: ["gateway.networking.x-k8s.io"] + resources: + - xbackendtrafficpolicies/status + - xlistenersets/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: + - backendtlspolicies/status + - gatewayclasses/status + - gateways/status + - grpcroutes/status + - httproutes/status + - referencegrants/status + - tcproutes/status + - tlsroutes/status + - udproutes/status + verbs: ["update", "patch"] + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["gatewayclasses"] + verbs: ["create", "update", "patch", "delete"] + - apiGroups: ["inference.networking.x-k8s.io"] + resources: ["inferencepools"] + verbs: ["get", "watch", "list"] + - apiGroups: ["inference.networking.x-k8s.io"] + resources: ["inferencepools/status"] + verbs: ["update", "patch"] + + # Needed for multicluster secret reading, possibly ingress certs in the future + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + + # Used for MCS serviceexport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: [ "get", "watch", "list", "create", "delete"] + + # Used for MCS serviceimport management + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "watch", "list"] +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: ["apps"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "deployments" ] + - apiGroups: ["autoscaling"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "horizontalpodautoscalers" ] + - apiGroups: ["policy"] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "poddisruptionbudgets" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "services" ] + - apiGroups: [""] + verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ] + resources: [ "serviceaccounts"] +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.27.6/charts/istiod/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..1b8fa4d07 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/clusterrolebinding.yaml @@ -0,0 +1,40 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +--- +{{- if not (eq (toString .Values.env.PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER) "false") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-gateway-controller{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: +- kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.27.6/charts/istiod/templates/configmap-jwks.yaml new file mode 100644 index 000000000..9d931c406 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/configmap-jwks.yaml @@ -0,0 +1,18 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.jwksResolverExtraRootCA }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + release: {{ .Release.Name }} + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + extra.pem: {{ .Values.jwksResolverExtraRootCA | quote }} +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/configmap-values.yaml b/resources/v1.27.6/charts/istiod/templates/configmap-values.yaml new file mode 100644 index 000000000..75e6e0bcc --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/configmap-values.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: values{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + annotations: + kubernetes.io/description: This ConfigMap contains the Helm values used during chart rendering. This ConfigMap is rendered for debugging purposes and external tooling; modifying these values has no effect. + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + original-values: |- +{{ .Values._original | toPrettyJson | indent 4 }} +{{- $_ := unset $.Values "_original" }} + merged-values: |- +{{ .Values | toPrettyJson | indent 4 }} diff --git a/resources/v1.27.6/charts/istiod/templates/configmap.yaml b/resources/v1.27.6/charts/istiod/templates/configmap.yaml new file mode 100644 index 000000000..a8446a6fc --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/configmap.yaml @@ -0,0 +1,111 @@ +{{- define "mesh" }} + # The trust domain corresponds to the trust root of a system. + # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain + trustDomain: "cluster.local" + + # The namespace to treat as the administrative root namespace for Istio configuration. + # When processing a leaf namespace Istio will search for declarations in that namespace first + # and if none are found it will search in the root namespace. Any matching declaration found in the root namespace + # is processed as if it were declared in the leaf namespace. + rootNamespace: {{ .Values.meshConfig.rootNamespace | default .Values.global.istioNamespace }} + + {{ $prom := include "default-prometheus" . | eq "true" }} + {{ $sdMetrics := include "default-sd-metrics" . | eq "true" }} + {{ $sdLogs := include "default-sd-logs" . | eq "true" }} + {{- if or $prom $sdMetrics $sdLogs }} + defaultProviders: + {{- if or $prom $sdMetrics }} + metrics: + {{ if $prom }}- prometheus{{ end }} + {{ if and $sdMetrics $sdLogs }}- stackdriver{{ end }} + {{- end }} + {{- if and $sdMetrics $sdLogs }} + accessLogging: + - stackdriver + {{- end }} + {{- end }} + + defaultConfig: + {{- if .Values.global.meshID }} + meshId: "{{ .Values.global.meshID }}" + {{- end }} + {{- with (.Values.global.proxy.variant | default .Values.global.variant) }} + image: + imageType: {{. | quote}} + {{- end }} + {{- if not (eq .Values.global.proxy.tracer "none") }} + tracing: + {{- if eq .Values.global.proxy.tracer "lightstep" }} + lightstep: + # Address of the LightStep Satellite pool + address: {{ .Values.global.tracer.lightstep.address }} + # Access Token used to communicate with the Satellite pool + accessToken: {{ .Values.global.tracer.lightstep.accessToken }} + {{- else if eq .Values.global.proxy.tracer "zipkin" }} + zipkin: + # Address of the Zipkin collector + address: {{ ((.Values.global.tracer).zipkin).address | default (print "zipkin." .Values.global.istioNamespace ":9411") }} + {{- else if eq .Values.global.proxy.tracer "datadog" }} + datadog: + # Address of the Datadog Agent + address: {{ ((.Values.global.tracer).datadog).address | default "$(HOST_IP):8126" }} + {{- else if eq .Values.global.proxy.tracer "stackdriver" }} + stackdriver: + # enables trace output to stdout. + debug: {{ (($.Values.global.tracer).stackdriver).debug | default "false" }} + # The global default max number of attributes per span. + maxNumberOfAttributes: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAttributes | default "200" }} + # The global default max number of annotation events per span. + maxNumberOfAnnotations: {{ (($.Values.global.tracer).stackdriver).maxNumberOfAnnotations | default "200" }} + # The global default max number of message events per span. + maxNumberOfMessageEvents: {{ (($.Values.global.tracer).stackdriver).maxNumberOfMessageEvents | default "200" }} + {{- end }} + {{- end }} + {{- if .Values.global.remotePilotAddress }} + {{- if and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + discoveryAddress: {{ printf "istiod-remote.%s.svc" .Release.Namespace }}:15012 + {{- else }} + discoveryAddress: {{ printf "istiod.%s.svc" .Release.Namespace }}:15012 + {{- end }} + {{- else }} + discoveryAddress: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{.Release.Namespace}}.svc:15012 + {{- end }} +{{- end }} + +{{/* We take the mesh config above, defined with individual values.yaml, and merge with .Values.meshConfig */}} +{{/* The intent here is that meshConfig.foo becomes the API, rather than re-inventing the API in values.yaml */}} +{{- $originalMesh := include "mesh" . | fromYaml }} +{{- $mesh := mergeOverwrite $originalMesh .Values.meshConfig }} + +{{- if .Values.configMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: + + # Configuration file for the mesh networks to be used by the Split Horizon EDS. + meshNetworks: |- + {{- if .Values.global.meshNetworks }} + networks: +{{ toYaml .Values.global.meshNetworks | trim | indent 6 }} + {{- else }} + networks: {} + {{- end }} + + mesh: |- +{{- if .Values.meshConfig }} +{{ $mesh | toYaml | indent 4 }} +{{- else }} +{{- include "mesh" . }} +{{- end }} +--- +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/deployment.yaml b/resources/v1.27.6/charts/istiod/templates/deployment.yaml new file mode 100644 index 000000000..1b769c6ec --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/deployment.yaml @@ -0,0 +1,312 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- range $key, $val := .Values.deploymentLabels }} + {{ $key }}: "{{ $val }}" +{{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: +{{ toYaml .Values.deploymentAnnotations | indent 4 }} + {{- end }} +spec: +{{- if not .Values.autoscaleEnabled }} +{{- if .Values.replicaCount }} + replicas: {{ .Values.replicaCount }} +{{- end }} +{{- end }} + strategy: + rollingUpdate: + maxSurge: {{ .Values.rollingMaxSurge }} + maxUnavailable: {{ .Values.rollingMaxUnavailable }} + selector: + matchLabels: + {{- if ne .Values.revision "" }} + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + {{- else }} + istio: pilot + {{- end }} + template: + metadata: + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + sidecar.istio.io/inject: "false" + operator.istio.io/component: "Pilot" + {{- if ne .Values.revision "" }} + istio: istiod + {{- else }} + istio: pilot + {{- end }} + {{- range $key, $val := .Values.podLabels }} + {{ $key }}: "{{ $val }}" + {{- end }} + istio.io/dataplane-mode: none + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 8 }} + annotations: + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{- toYaml . | nindent 8 }} +{{- end }} + tolerations: + - key: cni.istio.io/not-ready + operator: "Exists" +{{- with .Values.tolerations }} +{{- toYaml . | nindent 8 }} +{{- end }} +{{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{- toYaml . | nindent 8 }} +{{- end }} + serviceAccountName: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- if .Values.global.priorityClassName }} + priorityClassName: "{{ .Values.global.priorityClassName }}" +{{- end }} +{{- with .Values.initContainers }} + initContainers: + {{- tpl (toYaml .) $ | nindent 8 }} +{{- end }} + containers: + - name: discovery +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub | default .Values.global.hub }}/{{ .Values.image | default "pilot" }}:{{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}}" +{{- end }} +{{- if .Values.global.imagePullPolicy }} + imagePullPolicy: {{ .Values.global.imagePullPolicy }} +{{- end }} + args: + - "discovery" + - --monitoringAddr=:15014 +{{- if .Values.global.logging.level }} + - --log_output_level={{ .Values.global.logging.level }} +{{- end}} +{{- if .Values.global.logAsJson }} + - --log_as_json +{{- end }} + - --domain + - {{ .Values.global.proxy.clusterDomain }} +{{- if .Values.taint.namespace }} + - --cniNamespace={{ .Values.taint.namespace }} +{{- end }} + - --keepaliveMaxServerConnectionAge + - "{{ .Values.keepaliveMaxServerConnectionAge }}" +{{- if .Values.extraContainerArgs }} + {{- with .Values.extraContainerArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- end }} + ports: + - containerPort: 8080 + protocol: TCP + name: http-debug + - containerPort: 15010 + protocol: TCP + name: grpc-xds + - containerPort: 15012 + protocol: TCP + name: tls-xds + - containerPort: 15017 + protocol: TCP + name: https-webhooks + - containerPort: 15014 + protocol: TCP + name: http-monitoring + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 1 + periodSeconds: 3 + timeoutSeconds: 5 + env: + - name: REVISION + value: "{{ .Values.revision | default `default` }}" + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.serviceAccountName + - name: KUBECONFIG + value: /var/run/secrets/remote/config + # If you explicitly told us where ztunnel lives, use that. + # Otherwise, assume it lives in our namespace + # Also, check for an explicit ENV override (legacy approach) and prefer that + # if present + {{ $ztTrustedNS := or .Values.trustedZtunnelNamespace .Release.Namespace }} + {{ $ztTrustedName := or .Values.trustedZtunnelName "ztunnel" }} + {{- if not .Values.env.CA_TRUSTED_NODE_ACCOUNTS }} + - name: CA_TRUSTED_NODE_ACCOUNTS + value: "{{ $ztTrustedNS }}/{{ $ztTrustedName }}" + {{- end }} + {{- if .Values.env }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} +{{- if .Values.traceSampling }} + - name: PILOT_TRACE_SAMPLING + value: "{{ .Values.traceSampling }}" +{{- end }} +# If externalIstiod is set via Values.Global, then enable the pilot env variable. However, if it's set via Values.pilot.env, then +# don't set it here to avoid duplication. +# TODO (nshankar13): Move from Helm chart to code: https://github.com/istio/istio/issues/52449 +{{- if and .Values.global.externalIstiod (not (and .Values.env .Values.env.EXTERNAL_ISTIOD)) }} + - name: EXTERNAL_ISTIOD + value: "{{ .Values.global.externalIstiod }}" +{{- end }} +{{- if .Values.global.trustBundleName }} + - name: PILOT_CA_CERT_CONFIGMAP + value: "{{ .Values.global.trustBundleName }}" +{{- end }} + - name: PILOT_ENABLE_ANALYSIS + value: "{{ .Values.global.istiod.enableAnalysis }}" + - name: CLUSTER_ID + value: "{{ $.Values.global.multiCluster.clusterName | default `Kubernetes` }}" + - name: GOMEMLIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: "1" + - name: GOMAXPROCS + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: "1" + - name: PLATFORM + value: "{{ coalesce .Values.global.platform .Values.platform }}" + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 12 }} +{{- else }} +{{ toYaml .Values.global.defaultResources | trim | indent 12 }} +{{- end }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL +{{- if .Values.seccompProfile }} + seccompProfile: +{{ toYaml .Values.seccompProfile | trim | indent 14 }} +{{- end }} + volumeMounts: + - name: istio-token + mountPath: /var/run/secrets/tokens + readOnly: true + - name: local-certs + mountPath: /var/run/secrets/istio-dns + - name: cacerts + mountPath: /etc/cacerts + readOnly: true + - name: istio-kubeconfig + mountPath: /var/run/secrets/remote + readOnly: true + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + mountPath: /cacerts + {{- end }} + - name: istio-csr-dns-cert + mountPath: /var/run/secrets/istiod/tls + readOnly: true + - name: istio-csr-ca-configmap + mountPath: /var/run/secrets/istiod/ca + readOnly: true + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} + volumes: + # Technically not needed on this pod - but it helps debugging/testing SDS + # Should be removed after everything works. + - emptyDir: + medium: Memory + name: local-certs + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: {{ .Values.global.sds.token.aud }} + expirationSeconds: 43200 + path: istio-token + # Optional: user-generated root + - name: cacerts + secret: + secretName: cacerts + optional: true + - name: istio-kubeconfig + secret: + secretName: istio-kubeconfig + optional: true + # Optional: istio-csr dns pilot certs + - name: istio-csr-dns-cert + secret: + secretName: istiod-tls + optional: true + - name: istio-csr-ca-configmap + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + optional: true + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + defaultMode: 420 + optional: true + {{- end }} + {{- if .Values.jwksResolverExtraRootCA }} + - name: extracacerts + configMap: + name: pilot-jwks-extra-cacerts{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} + +--- +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.27.6/charts/istiod/templates/gateway-class-configmap.yaml new file mode 100644 index 000000000..6b23d716a --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/gateway-class-configmap.yaml @@ -0,0 +1,20 @@ +{{ range $key, $value := .Values.gatewayClasses }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-{{ $.Values.revision | default "default" }}-gatewayclass-{{$key}} + namespace: {{ $.Release.Namespace }} + labels: + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + gateway.istio.io/defaults-for-class: {{$key|quote}} + {{- include "istio.labels" $ | nindent 4 }} +data: +{{ range $kind, $overlay := $value }} + {{$kind}}: | +{{$overlay|toYaml|trim|indent 4}} +{{ end }} +--- +{{ end }} diff --git a/resources/v1.27.6/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.27.6/charts/istiod/templates/istiod-injector-configmap.yaml new file mode 100644 index 000000000..171aff886 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/istiod-injector-configmap.yaml @@ -0,0 +1,81 @@ +{{- if not .Values.global.omitSidecarInjectorConfigMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +data: +{{/* Scope the values to just top level fields used in the template, to reduce the size. */}} + values: |- +{{ $vals := pick .Values "global" "sidecarInjectorWebhook" "revision" -}} +{{ $pilotVals := pick .Values "cni" "env" -}} +{{ $vals = set $vals "pilot" $pilotVals -}} +{{ $gatewayVals := pick .Values.gateways "securityContext" "seccompProfile" -}} +{{ $vals = set $vals "gateways" $gatewayVals -}} +{{ $vals | toPrettyJson | indent 4 }} + + # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching + # and istiod webhook functionality. + # + # New fields should not use Values - it is a 'primary' config object, users should be able + # to fine tune it or use it with kube-inject. + config: |- + # defaultTemplates defines the default template to use for pods that do not explicitly specify a template + {{- if .Values.sidecarInjectorWebhook.defaultTemplates }} + defaultTemplates: +{{- range .Values.sidecarInjectorWebhook.defaultTemplates}} + - {{ . }} +{{- end }} + {{- else }} + defaultTemplates: [sidecar] + {{- end }} + policy: {{ .Values.global.proxy.autoInject }} + alwaysInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.alwaysInjectSelector | trim | indent 6 }} + neverInjectSelector: +{{ toYaml .Values.sidecarInjectorWebhook.neverInjectSelector | trim | indent 6 }} + injectedAnnotations: + {{- range $key, $val := .Values.sidecarInjectorWebhook.injectedAnnotations }} + "{{ $key }}": {{ $val | quote }} + {{- end }} + {{- /* If someone ends up with this new template, but an older Istiod image, they will attempt to render this template + which will fail with "Pod injection failed: template: inject:1: function "Istio_1_9_Required_Template_And_Version_Mismatched" not defined". + This should make it obvious that their installation is broken. + */}} + template: {{ `{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}` | quote }} + templates: +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "sidecar") }} + sidecar: | +{{ .Files.Get "files/injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "gateway") }} + gateway: | +{{ .Files.Get "files/gateway-injection-template.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-simple") }} + grpc-simple: | +{{ .Files.Get "files/grpc-simple.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "grpc-agent") }} + grpc-agent: | +{{ .Files.Get "files/grpc-agent.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "waypoint") }} + waypoint: | +{{ .Files.Get "files/waypoint.yaml" | trim | indent 8 }} +{{- end }} +{{- if not (hasKey .Values.sidecarInjectorWebhook.templates "kube-gateway") }} + kube-gateway: | +{{ .Files.Get "files/kube-gateway.yaml" | trim | indent 8 }} +{{- end }} +{{- with .Values.sidecarInjectorWebhook.templates }} +{{ toYaml . | trim | indent 6 }} +{{- end }} + +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.27.6/charts/istiod/templates/mutatingwebhook.yaml new file mode 100644 index 000000000..ca017194e --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/mutatingwebhook.yaml @@ -0,0 +1,164 @@ +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- /* Core defines the common configuration used by all webhook segments */}} +{{/* Copy just what we need to avoid expensive deepCopy */}} +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + {{- if .caBundle }} + caBundle: "{{ .caBundle }}" + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} +{{- /* Installed for each revision - not installed for cluster resources ( cluster roles, bindings, crds) */}} +{{- if not .Values.global.operatorManageWebhooks }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq .Release.Namespace "istio-system"}} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} +{{- else }} + name: istio-sidecar-injector{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +{{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- /* Set up the selectors. First section is for revision, rest is for "default" revision */}} + +{{- /* Case 1: namespace selector matches, and object doesn't disable */}} +{{- /* Note: if both revision and legacy selector, we give precedence to the legacy one */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: No namespace selector, but object selects our revision (and doesn't disable) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + + +{{- /* Webhooks for default revision */}} +{{- if (eq .Values.revision "") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if .Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.27.6/charts/istiod/templates/poddisruptionbudget.yaml new file mode 100644 index 000000000..d21cd919d --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/poddisruptionbudget.yaml @@ -0,0 +1,36 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +{{- if .Values.global.defaultPodDisruptionBudget.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + labels: + app: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + release: {{ .Release.Name }} + istio: pilot + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + {{- if and .Values.pdb.minAvailable (not (hasKey .Values.pdb "maxUnavailable")) }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- else if .Values.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + {{- end }} + {{- if .Values.pdb.unhealthyPodEvictionPolicy }} + unhealthyPodEvictionPolicy: {{ .Values.pdb.unhealthyPodEvictionPolicy }} + {{- end }} + selector: + matchLabels: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + istio: pilot + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.27.6/charts/istiod/templates/reader-clusterrole.yaml new file mode 100644 index 000000000..dbaa80503 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/reader-clusterrole.yaml @@ -0,0 +1,62 @@ +{{ $mcsAPIGroup := or .Values.env.MCS_API_GROUP "multicluster.x-k8s.io" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +rules: + - apiGroups: + - "config.istio.io" + - "security.istio.io" + - "networking.istio.io" + - "authentication.istio.io" + - "rbac.istio.io" + - "telemetry.istio.io" + - "extensions.istio.io" + resources: ["*"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", "namespaces", "secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.istio.io"] + verbs: [ "get", "watch", "list" ] + resources: [ "workloadentries" ] + - apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["gateways"] + verbs: ["get", "watch", "list"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceexports"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["{{ $mcsAPIGroup }}"] + resources: ["serviceimports"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +{{- if .Values.istiodRemote.enabled }} + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] +{{- end}} diff --git a/resources/v1.27.6/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.27.6/charts/istiod/templates/reader-clusterrolebinding.yaml new file mode 100644 index 000000000..aea9f01f7 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/reader-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} + labels: + app: istio-reader + release: {{ .Release.Name }} + app.kubernetes.io/name: "istio-reader" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-reader-clusterrole{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }}-{{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: istio-reader-service-account + namespace: {{ .Values.global.istioNamespace }} diff --git a/resources/v1.27.6/charts/istiod/templates/remote-istiod-endpoints.yaml b/resources/v1.27.6/charts/istiod/templates/remote-istiod-endpoints.yaml new file mode 100644 index 000000000..f13b8ce9a --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/remote-istiod-endpoints.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +# if the remotePilotAddress is an IP addr +{{- if regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress }} +apiVersion: v1 +kind: Endpoints +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # This file is only used for remote `istiod` installs. + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +subsets: +- addresses: + - ip: {{ .Values.global.remotePilotAddress }} + ports: + - port: 15012 + name: tcp-istiod + protocol: TCP + - port: 15017 + name: tcp-webhook + protocol: TCP +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.27.6/charts/istiod/templates/remote-istiod-service.yaml new file mode 100644 index 000000000..0a48b9918 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/remote-istiod-service.yaml @@ -0,0 +1,41 @@ +# This file is only used for remote +{{- if and .Values.global.remotePilotAddress .Values.istiodRemote.enabled }} +apiVersion: v1 +kind: Service +metadata: + {{- if .Values.istiodRemote.enabledLocalInjectorIstiod }} + # only primary `istiod` to xds and local `istiod` injection installs. + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }}-remote + {{- else }} + name: istiod{{- if .Values.revision }}-{{ .Values.revision}}{{- end }} + {{- end }} + namespace: {{ .Release.Namespace }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{ include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15012 + name: tcp-istiod + protocol: TCP + - port: 443 + targetPort: 15017 + name: tcp-webhook + protocol: TCP + {{- if and .Values.global.remotePilotAddress (not (regexMatch "^([0-9]*\\.){3}[0-9]*$" .Values.global.remotePilotAddress)) }} + # if the remotePilotAddress is not an IP addr, we use ExternalName + type: ExternalName + externalName: {{ .Values.global.remotePilotAddress }} + {{- end }} +{{- if .Values.global.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.global.ipFamilyPolicy }} +{{- end }} +{{- if .Values.global.ipFamilies }} + ipFamilies: +{{- range .Values.global.ipFamilies }} + - {{ . }} +{{- end }} +{{- end }} +--- +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/revision-tags.yaml b/resources/v1.27.6/charts/istiod/templates/revision-tags.yaml new file mode 100644 index 000000000..06764a826 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/revision-tags.yaml @@ -0,0 +1,149 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/role.yaml b/resources/v1.27.6/charts/istiod/templates/role.yaml new file mode 100644 index 000000000..bbcfbe435 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/role.yaml @@ -0,0 +1,35 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +rules: +# permissions to verify the webhook is ready and rejecting +# invalid config. We use --server-dry-run so no config is persisted. +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] + +# For storing CA secret +- apiGroups: [""] + resources: ["secrets"] + # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config + verbs: ["create", "get", "watch", "list", "update", "delete"] + +# For status controller, so it can delete the distribution report configmap +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["delete"] + +# For gateway deployment controller +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "update", "patch", "create"] +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/rolebinding.yaml b/resources/v1.27.6/charts/istiod/templates/rolebinding.yaml new file mode 100644 index 000000000..0c66b38a7 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/rolebinding.yaml @@ -0,0 +1,21 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istiod{{- if not (eq .Values.revision "")}}-{{ .Values.revision }}{{- end }} +subjects: + - kind: ServiceAccount + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/service.yaml b/resources/v1.27.6/charts/istiod/templates/service.yaml new file mode 100644 index 000000000..25bda4dfd --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/service.yaml @@ -0,0 +1,57 @@ +# Not created if istiod is running remotely +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled .Values.istiodRemote.enabledLocalInjectorIstiod) }} +apiVersion: v1 +kind: Service +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Release.Namespace }} + {{- if .Values.serviceAnnotations }} + annotations: +{{ toYaml .Values.serviceAnnotations | indent 4 }} + {{- end }} + labels: + istio.io/rev: {{ .Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + {{- if ne .Values.revision "" }} + istio.io/rev: {{ .Values.revision | quote }} + {{- else }} + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot + {{- end }} + {{- if .Values.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.ipFamilyPolicy }} + {{- end }} + {{- if .Values.ipFamilies }} + ipFamilies: + {{- range .Values.ipFamilies }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .Values.trafficDistribution }} + trafficDistribution: {{ .Values.trafficDistribution }} + {{- end }} +--- +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/serviceaccount.yaml b/resources/v1.27.6/charts/istiod/templates/serviceaccount.yaml new file mode 100644 index 000000000..8b4a0c0fa --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/serviceaccount.yaml @@ -0,0 +1,24 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +apiVersion: v1 +kind: ServiceAccount + {{- if .Values.global.imagePullSecrets }} +imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} + {{- if .Values.serviceAccountAnnotations }} + annotations: +{{- toYaml .Values.serviceAccountAnnotations | nindent 4 }} + {{- end }} +{{- end }} +--- diff --git a/resources/v1.27.6/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.27.6/charts/istiod/templates/validatingadmissionpolicy.yaml new file mode 100644 index 000000000..8562a52d5 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/validatingadmissionpolicy.yaml @@ -0,0 +1,63 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.experimental.stableValidationPolicy }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicy +metadata: + name: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + labels: + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +spec: + failurePolicy: Fail + matchConstraints: + resourceRules: + - apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: ["*"] + operations: ["CREATE", "UPDATE"] + resources: ["*"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} + variables: + - name: isEnvoyFilter + expression: "object.kind == 'EnvoyFilter'" + - name: isWasmPlugin + expression: "object.kind == 'WasmPlugin'" + - name: isProxyConfig + expression: "object.kind == 'ProxyConfig'" + - name: isTelemetry + expression: "object.kind == 'Telemetry'" + validations: + - expression: "!variables.isEnvoyFilter" + - expression: "!variables.isWasmPlugin" + - expression: "!variables.isProxyConfig" + - expression: | + !( + variables.isTelemetry && ( + (has(object.spec.tracing) ? object.spec.tracing : {}).exists(t, has(t.useRequestIdForTraceSampling)) || + (has(object.spec.metrics) ? object.spec.metrics : {}).exists(m, has(m.reportingInterval)) || + (has(object.spec.accessLogging) ? object.spec.accessLogging : {}).exists(l, has(l.filter)) + ) + ) +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingAdmissionPolicyBinding +metadata: + name: "stable-channel-policy-binding{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" +spec: + policyName: "stable-channel-policy{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }}.istio.io" + validationActions: [Deny] +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.27.6/charts/istiod/templates/validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..b49bf7faf --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/validatingwebhookconfiguration.yaml @@ -0,0 +1,68 @@ +# Created if this is not a remote istiod, OR if it is and is also a config cluster +{{- if or (not .Values.istiodRemote.enabled) (and .Values.istiodRemote.enabled (or .Values.global.configCluster .Values.istiodRemote.enabledLocalInjectorIstiod)) }} +{{- if .Values.global.configValidation }} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: istio-validator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}-{{ .Values.global.istioNamespace }} + labels: + app: istiod + release: {{ .Release.Name }} + istio: istiod + istio.io/rev: {{ .Values.revision | default "default" | quote }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" . | nindent 4 }} +webhooks: + # Webhook handling per-revision validation. Mostly here so we can determine whether webhooks + # are rejecting invalid configs on a per-revision basis. + - name: rev.validation.istio.io + clientConfig: + # Should change from base but cannot for API compat + {{- if .Values.base.validationURL }} + url: {{ .Values.base.validationURL }} + {{- else }} + service: + name: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }} + namespace: {{ .Values.global.istioNamespace }} + path: "/validate" + {{- end }} + {{- if .Values.base.validationCABundle }} + caBundle: "{{ .Values.base.validationCABundle }}" + {{- end }} + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - security.istio.io + - networking.istio.io + - telemetry.istio.io + - extensions.istio.io + apiVersions: + - "*" + resources: + - "*" + {{- if .Values.base.validationCABundle }} + # Disable webhook controller in Pilot to stop patching it + failurePolicy: Fail + {{- else }} + # Fail open until the validation webhook is ready. The webhook controller + # will update this to `Fail` and patch in the `caBundle` when the webhook + # endpoint is ready. + failurePolicy: Ignore + {{- end }} + sideEffects: None + admissionReviewVersions: ["v1"] + objectSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + {{- if (eq .Values.revision "") }} + - "default" + {{- else }} + - "{{ .Values.revision }}" + {{- end }} +--- +{{- end }} +{{- end }} diff --git a/resources/v1.27.6/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.27.6/charts/istiod/templates/zzy_descope_legacy.yaml new file mode 100644 index 000000000..ae8fced29 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.pilot` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "pilot") }} \ No newline at end of file diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/zzz_profile.yaml b/resources/v1.27.6/charts/istiod/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/zzz_profile.yaml rename to resources/v1.27.6/charts/istiod/templates/zzz_profile.yaml diff --git a/resources/v1.27.6/charts/istiod/values.yaml b/resources/v1.27.6/charts/istiod/values.yaml new file mode 100644 index 000000000..ccfcaa552 --- /dev/null +++ b/resources/v1.27.6/charts/istiod/values.yaml @@ -0,0 +1,569 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.27.6 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + omitSidecarInjectorConfigMap: false + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/Chart.yaml b/resources/v1.27.6/charts/revisiontags/Chart.yaml similarity index 71% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/Chart.yaml rename to resources/v1.27.6/charts/revisiontags/Chart.yaml index 02b53e619..2473cf016 100644 --- a/resources/v1.30-alpha.0a346609/charts/revisiontags/Chart.yaml +++ b/resources/v1.27.6/charts/revisiontags/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +appVersion: 1.27.6 description: Helm chart for istio revision tags name: revisiontags sources: diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-ambient.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-ambient.yaml diff --git a/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 000000000..4f3dbef7e --- /dev/null +++ b/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..b2f45948c --- /dev/null +++ b/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..af1069732 --- /dev/null +++ b/resources/v1.27.6/charts/revisiontags/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-demo.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-demo.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-gke.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3d.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-k3s.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-microk8s.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-minikube.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-platform-openshift.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-preview.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-preview.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-remote.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-remote.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-stable.yaml b/resources/v1.27.6/charts/revisiontags/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-stable.yaml rename to resources/v1.27.6/charts/revisiontags/files/profile-stable.yaml diff --git a/resources/v1.27.6/charts/revisiontags/templates/revision-tags.yaml b/resources/v1.27.6/charts/revisiontags/templates/revision-tags.yaml new file mode 100644 index 000000000..06764a826 --- /dev/null +++ b/resources/v1.27.6/charts/revisiontags/templates/revision-tags.yaml @@ -0,0 +1,149 @@ +# Adapted from istio-discovery/templates/mutatingwebhook.yaml +# Removed paths for legacy and default selectors since a revision tag +# is inherently created from a specific revision +# TODO BML istiodRemote.injectionURL is invalid to set if `istiodRemote.enabled` is false, we should express that. +{{- $whv := dict +"revision" .Values.revision + "injectionPath" .Values.istiodRemote.injectionPath + "injectionURL" .Values.istiodRemote.injectionURL + "reinvocationPolicy" .Values.sidecarInjectorWebhook.reinvocationPolicy + "caBundle" .Values.istiodRemote.injectionCABundle + "namespace" .Release.Namespace }} +{{- define "core" }} +{{- /* Kubernetes unfortunately requires a unique name for the webhook in some newer versions, so we assign +a unique prefix to each. */}} +- name: {{.Prefix}}sidecar-injector.istio.io + clientConfig: + {{- if .injectionURL }} + url: "{{ .injectionURL }}" + {{- else }} + service: + name: istiod{{- if not (eq .revision "") }}-{{ .revision }}{{- end }} + namespace: {{ .namespace }} + path: "{{ .injectionPath }}" + port: 443 + {{- end }} + sideEffects: None + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + failurePolicy: Fail + reinvocationPolicy: "{{ .reinvocationPolicy }}" + admissionReviewVersions: ["v1"] +{{- end }} +{{- range $tagName := $.Values.revisionTags }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: +{{- if eq $.Release.Namespace "istio-system"}} + name: istio-revision-tag-{{ $tagName }} +{{- else }} + name: istio-revision-tag-{{ $tagName }}-{{ $.Release.Namespace }} +{{- end }} + labels: + istio.io/tag: {{ $tagName }} + istio.io/rev: {{ $.Values.revision | default "default" | quote }} + operator.istio.io/component: "Pilot" + app: sidecar-injector + release: {{ $.Release.Name }} + app.kubernetes.io/name: "istiod" + {{- include "istio.labels" $ | nindent 4 }} +{{- if $.Values.sidecarInjectorWebhookAnnotations }} + annotations: +{{ toYaml $.Values.sidecarInjectorWebhookAnnotations | indent 4 }} +{{- end }} +webhooks: +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "rev.object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio.io/rev + operator: DoesNotExist + - key: istio-injection + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + - key: istio.io/rev + operator: In + values: + - "{{ $tagName }}" + +{{- /* When the tag is "default" we want to create webhooks for the default revision */}} +{{- /* These webhooks should be kept in sync with istio-discovery/templates/mutatingwebhook.yaml */}} +{{- if (eq $tagName "default") }} + +{{- /* Case 1: Namespace selector enabled, and object selector is not injected */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "namespace.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: In + values: + - enabled + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: NotIn + values: + - "false" + +{{- /* Case 2: no namespace label, but object selector is enabled (and revision label is not, which has priority) */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "object.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: In + values: + - "true" + - key: istio.io/rev + operator: DoesNotExist + +{{- if $.Values.sidecarInjectorWebhook.enableNamespacesByDefault }} +{{- /* Special case 3: no labels at all */}} +{{- include "core" (mergeOverwrite (deepCopy $whv) (dict "Prefix" "auto.") ) }} + namespaceSelector: + matchExpressions: + - key: istio-injection + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist + - key: "kubernetes.io/metadata.name" + operator: "NotIn" + values: ["kube-system","kube-public","kube-node-lease","local-path-storage"] + objectSelector: + matchExpressions: + - key: sidecar.istio.io/inject + operator: DoesNotExist + - key: istio.io/rev + operator: DoesNotExist +{{- end }} + +{{- end }} +--- +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.27.6/charts/revisiontags/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/templates/zzz_profile.yaml rename to resources/v1.27.6/charts/revisiontags/templates/zzz_profile.yaml diff --git a/resources/v1.27.6/charts/revisiontags/values.yaml b/resources/v1.27.6/charts/revisiontags/values.yaml new file mode 100644 index 000000000..ccfcaa552 --- /dev/null +++ b/resources/v1.27.6/charts/revisiontags/values.yaml @@ -0,0 +1,569 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + autoscaleEnabled: true + autoscaleMin: 1 + autoscaleMax: 5 + autoscaleBehavior: {} + replicaCount: 1 + rollingMaxSurge: 100% + rollingMaxUnavailable: 25% + + hub: "" + tag: "" + variant: "" + + # Can be a full hub/image:tag + image: pilot + traceSampling: 1.0 + + # Resources for a small pilot install + resources: + requests: + cpu: 500m + memory: 2048Mi + + # Set to `type: RuntimeDefault` to use the default profile if available. + seccompProfile: {} + + # Whether to use an existing CNI installation + cni: + enabled: false + provider: default + + # Additional container arguments + extraContainerArgs: [] + + env: {} + + envVarFrom: [] + + # Settings related to the untaint controller + # This controller will remove `cni.istio.io/not-ready` from nodes when the istio-cni pod becomes ready + # It should be noted that cluster operator/owner is responsible for having the taint set by their infrastructure provider when new nodes are added to the cluster; the untaint controller does not taint nodes + taint: + # Controls whether or not the untaint controller is active + enabled: false + # What namespace the untaint controller should watch for istio-cni pods. This is only required when istio-cni is running in a different namespace than istiod + namespace: "" + + affinity: {} + + tolerations: [] + + cpu: + targetAverageUtilization: 80 + memory: {} + # targetAverageUtilization: 80 + + # Additional volumeMounts to the istiod container + volumeMounts: [] + + # Additional volumes to the istiod pod + volumes: [] + + # Inject initContainers into the istiod pod + initContainers: [] + + nodeSelector: {} + podAnnotations: {} + serviceAnnotations: {} + serviceAccountAnnotations: {} + sidecarInjectorWebhookAnnotations: {} + + topologySpreadConstraints: [] + + # You can use jwksResolverExtraRootCA to provide a root certificate + # in PEM format. This will then be trusted by pilot when resolving + # JWKS URIs. + jwksResolverExtraRootCA: "" + + # The following is used to limit how long a sidecar can be connected + # to a pilot. It balances out load across pilot instances at the cost of + # increasing system churn. + keepaliveMaxServerConnectionAge: 30m + + # Additional labels to apply to the deployment. + deploymentLabels: {} + + # Annotations to apply to the istiod deployment. + deploymentAnnotations: {} + + ## Mesh config settings + + # Install the mesh config map, generated from values.yaml. + # If false, pilot wil use default values (by default) or user-supplied values. + configMap: true + + # Additional labels to apply on the pod level for monitoring and logging configuration. + podLabels: {} + + # Setup how istiod Service is configured. See https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services + ipFamilyPolicy: "" + ipFamilies: [] + + # Ambient mode only. + # Set this if you install ztunnel to a different namespace from `istiod`. + # If set, `istiod` will allow connections from trusted node proxy ztunnels + # in the provided namespace. + # If unset, `istiod` will assume the trusted node proxy ztunnel resides + # in the same namespace as itself. + trustedZtunnelNamespace: "" + # Set this if you install ztunnel with a name different from the default. + trustedZtunnelName: "" + + sidecarInjectorWebhook: + # You can use the field called alwaysInjectSelector and neverInjectSelector which will always inject the sidecar or + # always skip the injection on pods that match that label selector, regardless of the global policy. + # See https://istio.io/docs/setup/kubernetes/additional-setup/sidecar-injection/#more-control-adding-exceptions + neverInjectSelector: [] + alwaysInjectSelector: [] + + # injectedAnnotations are additional annotations that will be added to the pod spec after injection + # This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: + # + # annotations: + # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + # + # The PSP controller would add corresponding annotations to the pod spec for each container. However, this happens before + # the inject adds additional containers, so we must specify them explicitly here. With the above example, we could specify: + # injectedAnnotations: + # container.apparmor.security.beta.kubernetes.io/istio-init: runtime/default + # container.apparmor.security.beta.kubernetes.io/istio-proxy: runtime/default + injectedAnnotations: {} + + # This enables injection of sidecar in all namespaces, + # with the exception of namespaces with "istio-injection:disabled" annotation + # Only one environment should have this enabled. + enableNamespacesByDefault: false + + # Mutations that occur after the sidecar injector are not handled by default, as the Istio sidecar injector is only run + # once. For example, an OPA sidecar injected after the Istio sidecar will not have it's liveness/readiness probes rewritten. + # Setting this to `IfNeeded` will result in the sidecar injector being run again if additional mutations occur. + reinvocationPolicy: Never + + rewriteAppHTTPProbe: true + + # Templates defines a set of custom injection templates that can be used. For example, defining: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # Then starting a pod with the `inject.istio.io/templates: hello` annotation, will result in the pod + # being injected with the hello=world labels. + # This is intended for advanced configuration only; most users should use the built in template + templates: {} + + # Default templates specifies a set of default templates that are used in sidecar injection. + # By default, a template `sidecar` is always provided, which contains the template of default sidecar. + # To inject other additional templates, define it using the `templates` option, and add it to + # the default templates list. + # For example: + # + # templates: + # hello: | + # metadata: + # labels: + # hello: world + # + # defaultTemplates: ["sidecar", "hello"] + defaultTemplates: [] + istiodRemote: + # If `true`, indicates that this cluster/install should consume a "remote istiod" installation, + # and istiod itself will NOT be installed in this cluster - only the support resources necessary + # to utilize a remote instance. + enabled: false + + # If `true`, indicates that this cluster/install should consume a "local istiod" installation, + # local istiod inject sidecars + enabledLocalInjectorIstiod: false + + # Sidecar injector mutating webhook configuration clientConfig.url value. + # For example: https://$remotePilotAddress:15017/inject + # The host should not refer to a service running in the cluster; use a service reference by specifying + # the clientConfig.service field instead. + injectionURL: "" + + # Sidecar injector mutating webhook configuration path value for the clientConfig.service field. + # Override to pass env variables, for example: /inject/cluster/remote/net/network2 + injectionPath: "/inject" + + injectionCABundle: "" + telemetry: + enabled: true + v2: + # For Null VM case now. + # This also enables metadata exchange. + enabled: true + # Indicate if prometheus stats filter is enabled or not + prometheus: + enabled: true + # stackdriver filter settings. + stackdriver: + enabled: false + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + revision: "" + + # Revision tags are aliases to Istio control plane revisions + revisionTags: [] + + # For Helm compatibility. + ownerName: "" + + # meshConfig defines runtime configuration of components, including Istiod and istio-agent behavior + # See https://istio.io/docs/reference/config/istio.mesh.v1alpha1/ for all available options + meshConfig: + enablePrometheusMerge: true + + experimental: + stableValidationPolicy: false + + global: + # Used to locate istiod. + istioNamespace: istio-system + # List of cert-signers to allow "approve" action in the istio cluster role + # + # certSigners: + # - clusterissuers.cert-manager.io/istio-ca + certSigners: [] + # enable pod disruption budget for the control plane, which is used to + # ensure Istio control plane components are gradually upgraded or recovered. + defaultPodDisruptionBudget: + enabled: true + # The values aren't mutable due to a current PodDisruptionBudget limitation + # minAvailable: 1 + + # A minimal set of requested resources to applied to all deployments so that + # Horizontal Pod Autoscaler will be able to function (if set). + # Each component can overwrite these default values by adding its own resources + # block in the relevant section below and setting the desired resources values. + defaultResources: + requests: + cpu: 10m + # memory: 128Mi + # limits: + # cpu: 100m + # memory: 128Mi + + # Default hub for Istio images. + # Releases are published to docker hub under 'istio' project. + # Dev builds from prow are on gcr.io + hub: gcr.io/istio-release + # Default tag for Istio images. + tag: 1.27.6 + # Variant of the image to use. + # Currently supported are: [debug, distroless] + variant: "" + + # Specify image pull policy if default behavior isn't desired. + # Default behavior: latest images will be Always else IfNotPresent. + imagePullPolicy: "" + + # ImagePullSecrets for all ServiceAccount, list of secrets in the same namespace + # to use for pulling any images in pods that reference this ServiceAccount. + # For components that don't use ServiceAccounts (i.e. grafana, servicegraph, tracing) + # ImagePullSecrets will be added to the corresponding Deployment(StatefulSet) objects. + # Must be set for any cluster configured with private docker registry. + imagePullSecrets: [] + # - private-registry-key + + # Enabled by default in master for maximising testing. + istiod: + enableAnalysis: false + + # To output all istio components logs in json format by adding --log_as_json argument to each container argument + logAsJson: false + + # In order to use native nftable rules instead of iptable rules, set this flag to true. + nativeNftables: false + + # Comma-separated minimum per-scope logging level of messages to output, in the form of :,: + # The control plane has different scopes depending on component, but can configure default log level across all components + # If empty, default scope and level will be used as configured in code + logging: + level: "default:info" + + omitSidecarInjectorConfigMap: false + + # Configure whether Operator manages webhook configurations. The current behavior + # of Istiod is to manage its own webhook configurations. + # When this option is set as true, Istio Operator, instead of webhooks, manages the + # webhook configurations. When this option is set as false, webhooks manage their + # own webhook configurations. + operatorManageWebhooks: false + + # Custom DNS config for the pod to resolve names of services in other + # clusters. Use this to add additional search domains, and other settings. + # see + # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config + # This does not apply to gateway pods as they typically need a different + # set of DNS settings than the normal application pods (e.g., in + # multicluster scenarios). + # NOTE: If using templates, follow the pattern in the commented example below. + #podDNSSearchNamespaces: + #- global + #- "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" + + # Kubernetes >=v1.11.0 will create two PriorityClass, including system-cluster-critical and + # system-node-critical, it is better to configure this in order to make sure your Istio pods + # will not be killed because of low priority class. + # Refer to https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass + # for more detail. + priorityClassName: "" + + proxy: + image: proxyv2 + + # This controls the 'policy' in the sidecar injector. + autoInject: enabled + + # CAUTION: It is important to ensure that all Istio helm charts specify the same clusterDomain value + # cluster domain. Default value is "cluster.local". + clusterDomain: "cluster.local" + + # Per Component log level for proxy, applies to gateways and sidecars. If a component level is + # not set, then the global "logLevel" will be used. + componentLogLevel: "misc:error" + + # istio ingress capture allowlist + # examples: + # Redirect only selected ports: --includeInboundPorts="80,8080" + excludeInboundPorts: "" + includeInboundPorts: "*" + + # istio egress capture allowlist + # https://istio.io/docs/tasks/traffic-management/egress.html#calling-external-services-directly + # example: includeIPRanges: "172.30.0.0/16,172.20.0.0/16" + # would only capture egress traffic on those two IP Ranges, all other outbound traffic would + # be allowed by the sidecar + includeIPRanges: "*" + excludeIPRanges: "" + includeOutboundPorts: "" + excludeOutboundPorts: "" + + # Log level for proxy, applies to gateways and sidecars. + # Expected values are: trace|debug|info|warning|error|critical|off + logLevel: warning + + # Specify the path to the outlier event log. + # Example: /dev/stdout + outlierLogPath: "" + + #If set to true, istio-proxy container will have privileged securityContext + privileged: false + + # The number of successive failed probes before indicating readiness failure. + readinessFailureThreshold: 4 + + # The initial delay for readiness probes in seconds. + readinessInitialDelaySeconds: 0 + + # The period between readiness probes. + readinessPeriodSeconds: 15 + + # Enables or disables a startup probe. + # For optimal startup times, changing this should be tied to the readiness probe values. + # + # If the probe is enabled, it is recommended to have delay=0s,period=15s,failureThreshold=4. + # This ensures the pod is marked ready immediately after the startup probe passes (which has a 1s poll interval), + # and doesn't spam the readiness endpoint too much + # + # If the probe is disabled, it is recommended to have delay=1s,period=2s,failureThreshold=30. + # This ensures the startup is reasonable fast (polling every 2s). 1s delay is used since the startup is not often ready instantly. + startupProbe: + enabled: true + failureThreshold: 600 # 10 minutes + + # Resources for the sidecar. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 2000m + memory: 1024Mi + + # Default port for Pilot agent health checks. A value of 0 will disable health checking. + statusPort: 15020 + + # Specify which tracer to use. One of: zipkin, lightstep, datadog, stackdriver, none. + # If using stackdriver tracer outside GCP, set env GOOGLE_APPLICATION_CREDENTIALS to the GCP credential file. + tracer: "none" + + proxy_init: + # Base name for the proxy_init container, used to configure iptables. + image: proxyv2 + # Bypasses iptables idempotency handling, and attempts to apply iptables rules regardless of table state, which may cause unrecoverable failures. + # Do not use unless you need to work around an issue of the idempotency handling. This flag will be removed in future releases. + forceApplyIptables: false + + # configure remote pilot and istiod service and endpoint + remotePilotAddress: "" + + ############################################################################################## + # The following values are found in other charts. To effectively modify these values, make # + # make sure they are consistent across your Istio helm charts # + ############################################################################################## + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + # If not set explicitly, default to the Istio discovery address. + caAddress: "" + + # Enable control of remote clusters. + externalIstiod: false + + # Configure a remote cluster as the config cluster for an external istiod. + configCluster: false + + # configValidation enables the validation webhook for Istio configuration. + configValidation: true + + # Mesh ID means Mesh Identifier. It should be unique within the scope where + # meshes will interact with each other, but it is not required to be + # globally/universally unique. For example, if any of the following are true, + # then two meshes must have different Mesh IDs: + # - Meshes will have their telemetry aggregated in one place + # - Meshes will be federated together + # - Policy will be written referencing one mesh from the other + # + # If an administrator expects that any of these conditions may become true in + # the future, they should ensure their meshes have different Mesh IDs + # assigned. + # + # Within a multicluster mesh, each cluster must be (manually or auto) + # configured to have the same Mesh ID value. If an existing cluster 'joins' a + # multicluster mesh, it will need to be migrated to the new mesh ID. Details + # of migration TBD, and it may be a disruptive operation to change the Mesh + # ID post-install. + # + # If the mesh admin does not specify a value, Istio will use the value of the + # mesh's Trust Domain. The best practice is to select a proper Trust Domain + # value. + meshID: "" + + # Configure the mesh networks to be used by the Split Horizon EDS. + # + # The following example defines two networks with different endpoints association methods. + # For `network1` all endpoints that their IP belongs to the provided CIDR range will be + # mapped to network1. The gateway for this network example is specified by its public IP + # address and port. + # The second network, `network2`, in this example is defined differently with all endpoints + # retrieved through the specified Multi-Cluster registry being mapped to network2. The + # gateway is also defined differently with the name of the gateway service on the remote + # cluster. The public IP for the gateway will be determined from that remote service (only + # LoadBalancer gateway service type is currently supported, for a NodePort type gateway service, + # it still need to be configured manually). + # + # meshNetworks: + # network1: + # endpoints: + # - fromCidr: "192.168.0.1/24" + # gateways: + # - address: 1.1.1.1 + # port: 80 + # network2: + # endpoints: + # - fromRegistry: reg1 + # gateways: + # - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local + # port: 443 + # + meshNetworks: {} + + # Use the user-specified, secret volume mounted key and certs for Pilot and workloads. + mountMtlsCerts: false + + multiCluster: + # Should be set to the name of the cluster this installation will run in. This is required for sidecar injection + # to properly label proxies + clusterName: "" + + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # Configure the certificate provider for control plane communication. + # Currently, two providers are supported: "kubernetes" and "istiod". + # As some platforms may not have kubernetes signing APIs, + # Istiod is the default + pilotCertProvider: istiod + + sds: + # The JWT token for SDS and the aud field of such JWT. See RFC 7519, section 4.1.3. + # When a CSR is sent from Istio Agent to the CA (e.g. Istiod), this aud is to make sure the + # JWT is intended for the CA. + token: + aud: istio-ca + + sts: + # The service port used by Security Token Service (STS) server to handle token exchange requests. + # Setting this port to a non-zero value enables STS server. + servicePort: 0 + + # The name of the CA for workload certificates. + # For example, when caName=GkeWorkloadCertificate, GKE workload certificates + # will be used as the certificates for workloads. + # The default value is "" and when caName="", the CA will be configured by other + # mechanisms (e.g., environmental variable CA_PROVIDER). + caName: "" + + waypoint: + # Resources for the waypoint proxy. + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: "2" + memory: 1Gi + + # If specified, affinity defines the scheduling constraints of waypoint pods. + affinity: {} + + # Topology Spread Constraints for the waypoint proxy. + topologySpreadConstraints: [] + + # Node labels for the waypoint proxy. + nodeSelector: {} + + # Tolerations for the waypoint proxy. + tolerations: [] + + base: + # For istioctl usage to disable istio config crds in base + enableIstioConfigCRDs: true + + # Gateway Settings + gateways: + # Define the security context for the pod. + # If unset, this will be automatically set to the minimum privileges required to bind to port 80 and 443. + # On Kubernetes 1.22+, this only requires the `net.ipv4.ip_unprivileged_port_start` sysctl. + securityContext: {} + + # Set to `type: RuntimeDefault` to use the default profile for templated gateways, if your container runtime supports it + seccompProfile: {} + + # gatewayClasses allows customizing the configuration of the default deployment of Gateways per GatewayClass. + # For example: + # gatewayClasses: + # istio: + # service: + # spec: + # type: ClusterIP + # Per-Gateway configuration can also be set in the `Gateway.spec.infrastructure.parametersRef` field. + gatewayClasses: {} + + pdb: + # -- Minimum available pods set in PodDisruptionBudget. + # Define either 'minAvailable' or 'maxUnavailable', never both. + minAvailable: 1 + # -- Maximum unavailable pods set in PodDisruptionBudget. If set, 'minAvailable' is ignored. + # maxUnavailable: 1 + # -- Eviction policy for unhealthy pods guarded by PodDisruptionBudget. + # Ref: https://kubernetes.io/blog/2023/01/06/unhealthy-pod-eviction-policy-for-pdbs/ + unhealthyPodEvictionPolicy: "" diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/Chart.yaml b/resources/v1.27.6/charts/ztunnel/Chart.yaml similarity index 63% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/Chart.yaml rename to resources/v1.27.6/charts/ztunnel/Chart.yaml index e079d465e..32717b58f 100644 --- a/resources/v1.30-alpha.0a346609/charts/ztunnel/Chart.yaml +++ b/resources/v1.27.6/charts/ztunnel/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +appVersion: 1.27.6 description: Helm chart for istio ztunnel components icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -8,4 +8,4 @@ keywords: name: ztunnel sources: - https://github.com/istio/istio -version: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a +version: 1.27.6 diff --git a/resources/v1.27.6/charts/ztunnel/README.md b/resources/v1.27.6/charts/ztunnel/README.md new file mode 100644 index 000000000..ffe0b94fe --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/README.md @@ -0,0 +1,50 @@ +# Istio Ztunnel Helm Chart + +This chart installs an Istio ztunnel. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart: + +```console +helm install ztunnel istio/ztunnel +``` + +## Uninstalling the Chart + +To uninstall/delete the chart: + +```console +helm delete ztunnel +``` + +## Configuration + +To view support configuration options and documentation, run: + +```console +helm show values istio/ztunnel +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-ambient.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-ambient.yaml diff --git a/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml new file mode 100644 index 000000000..4f3dbef7e --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.24.yaml @@ -0,0 +1,15 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.24 behavioral changes + PILOT_ENABLE_IP_AUTOALLOCATE: "false" + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + dnsCapture: false + reconcileIptablesOnStartup: false + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml new file mode 100644 index 000000000..b2f45948c --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.25.yaml @@ -0,0 +1,11 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" +ambient: + # 1.26 behavioral changes + shareHostNetworkNamespace: true diff --git a/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml new file mode 100644 index 000000000..af1069732 --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/files/profile-compatibility-version-1.26.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +pilot: + env: + # 1.27 behavioral changes + ENABLE_NATIVE_SIDECARS: "false" \ No newline at end of file diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-demo.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-demo.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-demo.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-demo.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-platform-gke.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-gke.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-platform-gke.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-platform-k3d.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3d.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-platform-k3d.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-platform-k3s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-k3s.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-platform-k3s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-platform-microk8s.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-microk8s.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-platform-microk8s.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-platform-minikube.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-minikube.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-platform-minikube.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-platform-openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-platform-openshift.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-platform-openshift.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-preview.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-preview.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-preview.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-preview.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-remote.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-remote.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-remote.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-remote.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-stable.yaml b/resources/v1.27.6/charts/ztunnel/files/profile-stable.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-stable.yaml rename to resources/v1.27.6/charts/ztunnel/files/profile-stable.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/NOTES.txt b/resources/v1.27.6/charts/ztunnel/templates/NOTES.txt similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/NOTES.txt rename to resources/v1.27.6/charts/ztunnel/templates/NOTES.txt diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/_helpers.tpl b/resources/v1.27.6/charts/ztunnel/templates/_helpers.tpl similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/_helpers.tpl rename to resources/v1.27.6/charts/ztunnel/templates/_helpers.tpl diff --git a/resources/v1.27.6/charts/ztunnel/templates/daemonset.yaml b/resources/v1.27.6/charts/ztunnel/templates/daemonset.yaml new file mode 100644 index 000000000..7de85a2d1 --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/templates/daemonset.yaml @@ -0,0 +1,210 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +spec: + {{- with .Values.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end }} + selector: + matchLabels: + app: ztunnel + template: + metadata: + labels: + sidecar.istio.io/inject: "false" + istio.io/dataplane-mode: none + app: ztunnel + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 8}} +{{ with .Values.podLabels -}}{{ toYaml . | indent 8 }}{{ end }} + annotations: + sidecar.istio.io/inject: "false" +{{- if .Values.revision }} + istio.io/rev: {{ .Values.revision }} +{{- end }} +{{ with .Values.podAnnotations -}}{{ toYaml . | indent 8 }}{{ end }} + spec: + nodeSelector: + kubernetes.io/os: linux +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | trim | indent 8 }} +{{- end }} + serviceAccountName: {{ include "ztunnel.release-name" . }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | trim | indent 8 }} +{{- end }} + containers: + - name: istio-proxy +{{- if contains "/" .Values.image }} + image: "{{ .Values.image }}" +{{- else }} + image: "{{ .Values.hub }}/{{ .Values.image | default "ztunnel" }}:{{ .Values.tag }}{{with (.Values.variant )}}-{{.}}{{end}}" +{{- end }} + ports: + - containerPort: 15020 + name: ztunnel-stats + protocol: TCP + resources: +{{- if .Values.resources }} +{{ toYaml .Values.resources | trim | indent 10 }} +{{- end }} +{{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} +{{- end }} + securityContext: + # K8S docs are clear that CAP_SYS_ADMIN *or* privileged: true + # both force this to `true`: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # But there is a K8S validation bug that doesn't propery catch this: https://github.com/kubernetes/kubernetes/issues/119568 + allowPrivilegeEscalation: true + privileged: false + capabilities: + drop: + - ALL + add: # See https://man7.org/linux/man-pages/man7/capabilities.7.html + - NET_ADMIN # Required for TPROXY and setsockopt + - SYS_ADMIN # Required for `setns` - doing things in other netns + - NET_RAW # Required for RAW/PACKET sockets, TPROXY + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsNonRoot: false + runAsUser: 0 +{{- if .Values.seLinuxOptions }} + seLinuxOptions: +{{ toYaml .Values.seLinuxOptions | trim | indent 12 }} +{{- end }} + readinessProbe: + httpGet: + port: 15021 + path: /healthz/ready + args: + - proxy + - ztunnel + env: + - name: CA_ADDRESS + {{- if .Values.caAddress }} + value: {{ .Values.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + - name: XDS_ADDRESS + {{- if .Values.xdsAddress }} + value: {{ .Values.xdsAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.istioNamespace }}.svc:15012 + {{- end }} + {{- if .Values.logAsJson }} + - name: LOG_FORMAT + value: json + {{- end}} + {{- if .Values.network }} + - name: NETWORK + value: {{ .Values.network | quote }} + {{- end }} + - name: RUST_LOG + value: {{ .Values.logLevel | quote }} + - name: RUST_BACKTRACE + value: "1" + - name: ISTIO_META_CLUSTER_ID + value: {{ .Values.multiCluster.clusterName | default "Kubernetes" }} + - name: INPOD_ENABLED + value: "true" + - name: TERMINATION_GRACE_PERIOD_SECONDS + value: "{{ .Values.terminationGracePeriodSeconds }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.meshConfig.defaultConfig.proxyMetadata }} + {{- range $key, $value := .Values.meshConfig.defaultConfig.proxyMetadata}} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + - name: ZTUNNEL_CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + {{- with .Values.env }} + {{- range $key, $val := . }} + - name: {{ $key }} + value: "{{ $val }}" + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - mountPath: /var/run/secrets/tokens + name: istio-token + - mountPath: /var/run/ztunnel + name: cni-ztunnel-sock-dir + - mountPath: /tmp + name: tmp + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + priorityClassName: system-node-critical + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + volumes: + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: istio-ca + - name: istiod-ca-cert + {{- if eq (.Values.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + - name: cni-ztunnel-sock-dir + hostPath: + path: /var/run/ztunnel + type: DirectoryOrCreate # ideally this would be a socket, but istio-cni may not have started yet. + # pprof needs a writable /tmp, and we don't have that thanks to `readOnlyRootFilesystem: true`, so mount one + - name: tmp + emptyDir: {} + {{- with .Values.volumes }} + {{- toYaml . | nindent 6}} + {{- end }} diff --git a/resources/v1.27.6/charts/ztunnel/templates/rbac.yaml b/resources/v1.27.6/charts/ztunnel/templates/rbac.yaml new file mode 100644 index 000000000..0a8138c9a --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/templates/rbac.yaml @@ -0,0 +1,72 @@ +apiVersion: v1 +kind: ServiceAccount + {{- with .Values.imagePullSecrets }} +imagePullSecrets: + {{- range . }} + - name: {{ . }} + {{- end }} + {{- end }} +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +--- +{{- if (eq (.Values.platform | default "") "openshift") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +rules: +- apiGroups: ["security.openshift.io"] + resources: ["securitycontextconstraints"] + resourceNames: ["privileged"] + verbs: ["use"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ztunnel.release-name" . }} + labels: + app: ztunnel + release: {{ include "ztunnel.release-name" . }} + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + annotations: +{{- if .Values.revision }} + {{- $annos := set $.Values.annotations "istio.io/rev" .Values.revision }} + {{- toYaml $annos | nindent 4}} +{{- else }} + {{- .Values.annotations | toYaml | nindent 4 }} +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ztunnel.release-name" . }} +subjects: +- kind: ServiceAccount + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +--- diff --git a/resources/v1.27.6/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.27.6/charts/ztunnel/templates/resourcequota.yaml new file mode 100644 index 000000000..a1c0e5496 --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/templates/resourcequota.yaml @@ -0,0 +1,20 @@ +{{- if .Values.resourceQuotas.enabled }} +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ include "ztunnel.release-name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ztunnel + {{- include "istio.labels" . | nindent 4}} + {{ with .Values.labels -}}{{ toYaml . | nindent 4}}{{ end }} +spec: + hard: + pods: {{ .Values.resourceQuotas.pods | quote }} + scopeSelector: + matchExpressions: + - operator: In + scopeName: PriorityClass + values: + - system-node-critical +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.27.6/charts/ztunnel/templates/zzz_profile.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/zzz_profile.yaml rename to resources/v1.27.6/charts/ztunnel/templates/zzz_profile.yaml diff --git a/resources/v1.27.6/charts/ztunnel/values.yaml b/resources/v1.27.6/charts/ztunnel/values.yaml new file mode 100644 index 000000000..15b04e40a --- /dev/null +++ b/resources/v1.27.6/charts/ztunnel/values.yaml @@ -0,0 +1,128 @@ +# "_internal_defaults_do_not_set" is a workaround for Helm limitations. Users should NOT set "._internal_defaults_do_not_set" explicitly, but rather directly set the fields internally. +# For instance, instead of `--set _internal_defaults_do_not_set.foo=bar``, just set `--set foo=bar`. +_internal_defaults_do_not_set: + # Hub to pull from. Image will be `Hub/Image:Tag-Variant` + hub: gcr.io/istio-release + # Tag to pull from. Image will be `Hub/Image:Tag-Variant` + tag: 1.27.6 + # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. + variant: "" + + # Image name to pull from. Image will be `Hub/Image:Tag-Variant` + # If Image contains a "/", it will replace the entire `image` in the pod. + image: ztunnel + + # Same as `global.network`, but will override it if set. + # Network defines the network this cluster belong to. This name + # corresponds to the networks in the map of mesh networks. + network: "" + + # resourceName, if set, will override the naming of resources. If not set, will default to 'ztunnel'. + # If you set this, you MUST also set `trustedZtunnelName` in the `istiod` chart. + resourceName: "" + + # Labels to apply to all top level resources + labels: {} + # Annotations to apply to all top level resources + annotations: {} + + # Additional volumeMounts to the ztunnel container + volumeMounts: [] + + # Additional volumes to the ztunnel pod + volumes: [] + + # Tolerations for the ztunnel pod + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + + # Annotations added to each pod. The default annotations are required for scraping prometheus (in most environments). + podAnnotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + + # Additional labels to apply on the pod level + podLabels: {} + + # Pod resource configuration + resources: + requests: + cpu: 200m + # Ztunnel memory scales with the size of the cluster and traffic load + # While there are many factors, this is enough for ~200k pod cluster or 100k concurrently open connections. + memory: 512Mi + + resourceQuotas: + enabled: false + pods: 5000 + + # List of secret names to add to the service account as image pull secrets + imagePullSecrets: [] + + # A `key: value` mapping of environment variables to add to the pod + env: {} + + # Override for the pod imagePullPolicy + imagePullPolicy: "" + + # Settings for multicluster + multiCluster: + # The name of the cluster we are installing in. Note this is a user-defined name, which must be consistent + # with Istiod configuration. + clusterName: "" + + # meshConfig defines runtime configuration of components. + # For ztunnel, only defaultConfig is used, but this is nested under `meshConfig` for consistency with other + # components. + # TODO: https://github.com/istio/istio/issues/43248 + meshConfig: + defaultConfig: + proxyMetadata: {} + + # This value defines: + # 1. how many seconds kube waits for ztunnel pod to gracefully exit before forcibly terminating it (this value) + # 2. how many seconds ztunnel waits to drain its own connections (this value - 1 sec) + # Default K8S value is 30 seconds + terminationGracePeriodSeconds: 30 + + # Revision is set as 'version' label and part of the resource names when installing multiple control planes. + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set explicitly. + revision: "" + + # The customized CA address to retrieve certificates for the pods in the cluster. + # CSR clients such as the Istio Agent and ingress gateways can use this to specify the CA endpoint. + caAddress: "" + + # The customized XDS address to retrieve configuration. + # This should include the port - 15012 for Istiod. TLS will be used with the certificates in "istiod-ca-cert" secret. + # By default, it is istiod.istio-system.svc:15012 if revision is not set, or istiod-..svc:15012 + xdsAddress: "" + + # Used to locate the XDS and CA, if caAddress or xdsAddress are not set. + istioNamespace: istio-system + + # Configuration log level of ztunnel binary, default is info. + # Valid values are: trace, debug, info, warn, error + logLevel: info + + # To output all logs in json format + logAsJson: false + + # Set to `type: RuntimeDefault` to use the default profile if available. + seLinuxOptions: {} + # TODO Ambient inpod - for OpenShift, set to the following to get writable sockets in hostmounts to work, eventually consider CSI driver instead + #seLinuxOptions: + # type: spc_t + + # K8s DaemonSet update strategy. + # https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 diff --git a/resources/v1.27.6/cni-1.27.6.tgz.etag b/resources/v1.27.6/cni-1.27.6.tgz.etag new file mode 100644 index 000000000..c2c482ca8 --- /dev/null +++ b/resources/v1.27.6/cni-1.27.6.tgz.etag @@ -0,0 +1 @@ +9c5b26001eb8487f6ff49b60134431bf diff --git a/resources/v1.27.6/commit b/resources/v1.27.6/commit new file mode 100644 index 000000000..2a5aed46b --- /dev/null +++ b/resources/v1.27.6/commit @@ -0,0 +1 @@ +1.27.6 diff --git a/resources/v1.27.6/gateway-1.27.6.tgz.etag b/resources/v1.27.6/gateway-1.27.6.tgz.etag new file mode 100644 index 000000000..0e9859e54 --- /dev/null +++ b/resources/v1.27.6/gateway-1.27.6.tgz.etag @@ -0,0 +1 @@ +75451d4a1c872424cb6aea0df39d12f4 diff --git a/resources/v1.27.6/istiod-1.27.6.tgz.etag b/resources/v1.27.6/istiod-1.27.6.tgz.etag new file mode 100644 index 000000000..e6124aa46 --- /dev/null +++ b/resources/v1.27.6/istiod-1.27.6.tgz.etag @@ -0,0 +1 @@ +98c26831eafe25f258fc67e4daa2f22b diff --git a/resources/v1.30-alpha.0a346609/profiles/ambient.yaml b/resources/v1.27.6/profiles/ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/ambient.yaml rename to resources/v1.27.6/profiles/ambient.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/default.yaml b/resources/v1.27.6/profiles/default.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/default.yaml rename to resources/v1.27.6/profiles/default.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/demo.yaml b/resources/v1.27.6/profiles/demo.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/demo.yaml rename to resources/v1.27.6/profiles/demo.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/empty.yaml b/resources/v1.27.6/profiles/empty.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/empty.yaml rename to resources/v1.27.6/profiles/empty.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/openshift-ambient.yaml b/resources/v1.27.6/profiles/openshift-ambient.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/openshift-ambient.yaml rename to resources/v1.27.6/profiles/openshift-ambient.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/openshift.yaml b/resources/v1.27.6/profiles/openshift.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/openshift.yaml rename to resources/v1.27.6/profiles/openshift.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/preview.yaml b/resources/v1.27.6/profiles/preview.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/preview.yaml rename to resources/v1.27.6/profiles/preview.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/remote.yaml b/resources/v1.27.6/profiles/remote.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/remote.yaml rename to resources/v1.27.6/profiles/remote.yaml diff --git a/resources/v1.30-alpha.0a346609/profiles/stable.yaml b/resources/v1.27.6/profiles/stable.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/profiles/stable.yaml rename to resources/v1.27.6/profiles/stable.yaml diff --git a/resources/v1.27.6/ztunnel-1.27.6.tgz.etag b/resources/v1.27.6/ztunnel-1.27.6.tgz.etag new file mode 100644 index 000000000..727e1cfc9 --- /dev/null +++ b/resources/v1.27.6/ztunnel-1.27.6.tgz.etag @@ -0,0 +1 @@ +58ba734fd3e7a2c2c080053b223bbb3e diff --git a/resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag deleted file mode 100644 index 6554f9b4d..000000000 --- a/resources/v1.30-alpha.0a346609/base-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -c5eb4d7c406daf26f767e2336ee6088c diff --git a/resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag deleted file mode 100644 index 534df8dd4..000000000 --- a/resources/v1.30-alpha.0a346609/cni-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -25025d0112d80c4b4a1228c1a8010f1a diff --git a/resources/v1.30-alpha.0a346609/commit b/resources/v1.30-alpha.0a346609/commit deleted file mode 100644 index 4d1e8eb73..000000000 --- a/resources/v1.30-alpha.0a346609/commit +++ /dev/null @@ -1 +0,0 @@ -0a3466091a333998e160a8aa3400a3aa65d4cb7a diff --git a/resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag deleted file mode 100644 index f9056cff2..000000000 --- a/resources/v1.30-alpha.0a346609/gateway-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -1e179164e2dd5fd0f9815c76fd759549 diff --git a/resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag deleted file mode 100644 index 1dad1c586..000000000 --- a/resources/v1.30-alpha.0a346609/istiod-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -ba3de8ee9137e6f1de12f48bfa924f38 diff --git a/resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag b/resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag deleted file mode 100644 index 55fd48514..000000000 --- a/resources/v1.30-alpha.0a346609/ztunnel-1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a.tgz.etag +++ /dev/null @@ -1 +0,0 @@ -467b37db0f019448448c83288f06b473 diff --git a/resources/v1.30-alpha.9e476e6b/base-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag b/resources/v1.30-alpha.9e476e6b/base-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag new file mode 100644 index 000000000..a35d7e672 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/base-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag @@ -0,0 +1 @@ +06fa1c106cef9ef6bfc59b522bcf45a0 diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/Chart.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/Chart.yaml new file mode 100644 index 000000000..94cd40deb --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b +description: Helm chart for deploying Istio cluster resources and CRDs +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +name: base +sources: +- https://github.com/istio/istio +version: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/README.md b/resources/v1.30-alpha.9e476e6b/charts/base/README.md new file mode 100644 index 000000000..ae8f6d5b0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/README.md @@ -0,0 +1,35 @@ +# Istio base Helm Chart + +This chart installs resources shared by all Istio revisions. This includes Istio CRDs. + +## Setup Repo Info + +```console +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +``` + +_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ + +## Installing the Chart + +To install the chart with the release name `istio-base`: + +```console +kubectl create namespace istio-system +helm install istio-base istio/base -n istio-system +``` + +### Profiles + +Istio Helm charts have a concept of a `profile`, which is a bundled collection of value presets. +These can be set with `--set profile=`. +For example, the `demo` profile offers a preset configuration to try out Istio in a test environment, with additional features enabled and lowered resource requirements. + +For consistency, the same profiles are used across each chart, even if they do not impact a given chart. + +Explicitly set values have highest priority, then profile settings, then chart defaults. + +As an implementation detail of profiles, the default values for the chart are all nested under `defaults`. +When configuring the chart, you should not include this. +That is, `--set some.field=true` should be passed, not `--set defaults.some.field=true`. diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-ambient.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-demo.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-gke.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-preview.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-remote.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-stable.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/templates/NOTES.txt b/resources/v1.30-alpha.9e476e6b/charts/base/templates/NOTES.txt new file mode 100644 index 000000000..f12616f57 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/templates/NOTES.txt @@ -0,0 +1,5 @@ +Istio base successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/templates/defaultrevision-validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/templates/defaultrevision-validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/base/templates/reader-serviceaccount.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/templates/reader-serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/templates/reader-serviceaccount.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/templates/reader-serviceaccount.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/base/templates/zzz_profile.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/base/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.0a346609/charts/base/values.yaml b/resources/v1.30-alpha.9e476e6b/charts/base/values.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/base/values.yaml rename to resources/v1.30-alpha.9e476e6b/charts/base/values.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/Chart.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/Chart.yaml new file mode 100644 index 000000000..613566b8b --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b +description: Helm chart for istio-cni components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-cni +- istio +name: cni +sources: +- https://github.com/istio/istio +version: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b diff --git a/resources/v1.30-alpha.0a346609/charts/cni/README.md b/resources/v1.30-alpha.9e476e6b/charts/cni/README.md similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/README.md rename to resources/v1.30-alpha.9e476e6b/charts/cni/README.md diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-ambient.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-demo.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-gke.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-preview.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-remote.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-stable.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/templates/NOTES.txt b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/NOTES.txt new file mode 100644 index 000000000..fb35525b9 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/NOTES.txt @@ -0,0 +1,5 @@ +"{{ .Release.Name }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/templates/_helpers.tpl b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/_helpers.tpl new file mode 100644 index 000000000..73cc17b2f --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{- define "name" -}} + istio-cni +{{- end }} + + +{{- define "istio-tag" -}} + {{ .Values.tag | default .Values.global.tag }}{{with (.Values.variant | default .Values.global.variant)}}-{{.}}{{end}} +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrole.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrole.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/configmap-cni.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/configmap-cni.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/configmap-cni.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/configmap-cni.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/daemonset.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/daemonset.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/network-attachment-definition.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/network-attachment-definition.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/network-attachment-definition.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/network-attachment-definition.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/networkpolicy.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/networkpolicy.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/resourcequota.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/resourcequota.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/cni/templates/serviceaccount.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/cni/templates/serviceaccount.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzy_descope_legacy.yaml new file mode 100644 index 000000000..a9584ac29 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzy_descope_legacy.yaml @@ -0,0 +1,3 @@ +{{/* Copy anything under `.cni` to `.`, to avoid the need to specify a redundant prefix. +Due to the file naming, this always happens after zzz_profile.yaml */}} +{{- $_ := mustMergeOverwrite $.Values (index $.Values "cni") }} \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzz_profile.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.0a346609/charts/cni/values.yaml b/resources/v1.30-alpha.9e476e6b/charts/cni/values.yaml similarity index 99% rename from resources/v1.30-alpha.0a346609/charts/cni/values.yaml rename to resources/v1.30-alpha.9e476e6b/charts/cni/values.yaml index 391aed9e5..0335248d2 100644 --- a/resources/v1.30-alpha.0a346609/charts/cni/values.yaml +++ b/resources/v1.30-alpha.9e476e6b/charts/cni/values.yaml @@ -155,7 +155,7 @@ _internal_defaults_do_not_set: hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + tag: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b # Variant of the image to use. # Currently supported are: [debug, distroless] diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/Chart.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/Chart.yaml new file mode 100644 index 000000000..6c69b0b66 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b +description: Helm chart for deploying Istio gateways +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- gateways +name: gateway +sources: +- https://github.com/istio/istio +type: application +version: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/README.md b/resources/v1.30-alpha.9e476e6b/charts/gateway/README.md similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/README.md rename to resources/v1.30-alpha.9e476e6b/charts/gateway/README.md diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-ambient.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-demo.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-gke.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-preview.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-remote.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-stable.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/NOTES.txt b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/NOTES.txt new file mode 100644 index 000000000..fd0142911 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/NOTES.txt @@ -0,0 +1,9 @@ +"{{ include "gateway.name" . }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: + * Deploy an HTTP Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-control/ + * Deploy an HTTPS Gateway: https://istio.io/latest/docs/tasks/traffic-management/ingress/secure-ingress/ diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/_helpers.tpl b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/_helpers.tpl new file mode 100644 index 000000000..e5a0a9b3c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{- define "gateway.name" -}} +{{- if eq .Release.Name "RELEASE-NAME" -}} + {{- .Values.name | default "istio-ingressgateway" -}} +{{- else -}} + {{- .Values.name | default .Release.Name | default "istio-ingressgateway" -}} +{{- end -}} +{{- end }} + +{{- define "gateway.labels" -}} +{{ include "gateway.selectorLabels" . }} +{{- range $key, $val := .Values.labels }} +{{- if and (ne $key "app") (ne $key "istio") }} +{{ $key | quote }}: {{ $val | quote }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "gateway.selectorLabels" -}} +app: {{ (.Values.labels.app | quote) | default (include "gateway.name" .) }} +istio: {{ (.Values.labels.istio | quote) | default (include "gateway.name" . | trimPrefix "istio-") }} +{{- end }} + +{{/* +Keep sidecar injection labels together +https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#controlling-the-injection-policy +*/}} +{{- define "gateway.sidecarInjectionLabels" -}} +sidecar.istio.io/inject: "true" +{{- with .Values.revision }} +istio.io/rev: {{ . | quote }} +{{- end }} +{{- end }} + +{{- define "gateway.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- .Values.serviceAccount.name | default (include "gateway.name" .) }} +{{- else }} +{{- .Values.serviceAccount.name | default "default" }} +{{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/deployment.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/deployment.yaml new file mode 100644 index 000000000..1d8f93a47 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/deployment.yaml @@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: {{ .Values.kind | default "Deployment" }} +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + {{- if and (hasKey .Values "replicaCount") (ne .Values.replicaCount nil) }} + replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} + {{- with .Values.strategy }} + strategy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.minReadySeconds }} + minReadySeconds: {{ . }} + {{- end }} + selector: + matchLabels: + {{- include "gateway.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gateway.sidecarInjectionLabels" . | nindent 8 }} + {{- include "gateway.selectorLabels" . | nindent 8 }} + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 8}} + {{- range $key, $val := .Values.labels }} + {{- if and (ne $key "app") (ne $key "istio") }} + {{ $key | quote }}: {{ $val | quote }} + {{- end }} + {{- end }} + {{- with .Values.networkGateway }} + topology.istio.io/network: "{{.}}" + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gateway.serviceAccountName" . }} + securityContext: + {{- if .Values.securityContext }} + {{- toYaml .Values.securityContext | nindent 8 }} + {{- else }} + # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326 + sysctls: + - name: net.ipv4.ip_unprivileged_port_start + value: "0" + {{- end }} + {{- with .Values.volumes }} + volumes: + {{ toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: istio-proxy + # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection + image: auto + {{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} + {{- end }} + securityContext: + {{- if .Values.containerSecurityContext }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- else }} + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + {{- if not (eq (.Values.platform | default "") "openshift") }} + runAsUser: 1337 + runAsGroup: 1337 + {{- end }} + runAsNonRoot: true + {{- end }} + env: + {{- with .Values.networkGateway }} + - name: ISTIO_META_REQUESTED_NETWORK_VIEW + value: "{{.}}" + {{- end }} + {{- range $key, $val := .Values.env }} + - name: {{ $key }} + value: {{ $val | quote }} + {{- end }} + {{- with .Values.envVarFrom }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.lifecycle }} + lifecycle: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.additionalContainers }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ $.Values.terminationGracePeriodSeconds }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/hpa.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/hpa.yaml new file mode 100644 index 000000000..64ecb6a4c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/hpa.yaml @@ -0,0 +1,40 @@ +{{- if and (.Values.autoscaling.enabled) (eq .Values.kind "Deployment") }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "gateway.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: {{ .Values.kind | default "Deployment" }} + name: {{ include "gateway.name" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + type: Utilization + {{- end }} + {{- if .Values.autoscaling.autoscaleBehavior }} + behavior: {{ toYaml .Values.autoscaling.autoscaleBehavior | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/networkpolicy.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/networkpolicy.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/role.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/role.yaml new file mode 100644 index 000000000..3d1607963 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/role.yaml @@ -0,0 +1,37 @@ +{{/*Set up roles for Istio Gateway. Not required for gateway-api*/}} +{{- if .Values.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4}} + annotations: + {{- .Values.annotations | toYaml | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "gateway.serviceAccountName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "gateway.serviceAccountName" . }} +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/templates/service.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/templates/service.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/templates/service.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/serviceaccount.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/serviceaccount.yaml new file mode 100644 index 000000000..c88afeadd --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gateway.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "gateway.name" . }} + {{- include "istio.labels" . | nindent 4}} + {{- include "gateway.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/zzz_profile.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/zzz_profile.yaml new file mode 100644 index 000000000..606c55669 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/gateway/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/values.schema.json b/resources/v1.30-alpha.9e476e6b/charts/gateway/values.schema.json similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/values.schema.json rename to resources/v1.30-alpha.9e476e6b/charts/gateway/values.schema.json diff --git a/resources/v1.30-alpha.0a346609/charts/gateway/values.yaml b/resources/v1.30-alpha.9e476e6b/charts/gateway/values.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/gateway/values.yaml rename to resources/v1.30-alpha.9e476e6b/charts/gateway/values.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/Chart.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/Chart.yaml new file mode 100644 index 000000000..142e33e61 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +appVersion: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b +description: Helm chart for istio control plane +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio +- istiod +- istio-discovery +name: istiod +sources: +- https://github.com/istio/istio +version: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/README.md b/resources/v1.30-alpha.9e476e6b/charts/istiod/README.md similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/README.md rename to resources/v1.30-alpha.9e476e6b/charts/istiod/README.md diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/agentgateway.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/agentgateway.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/agentgateway.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/agentgateway.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/gateway-injection-template.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/gateway-injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/gateway-injection-template.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/gateway-injection-template.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-agent.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-agent.yaml new file mode 100644 index 000000000..3b9240e36 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-agent.yaml @@ -0,0 +1,318 @@ +{{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` | quote }} + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` | quote }} + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: {{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` | quote }} + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} +{{- end }} +{{- $containers := list }} +{{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} +metadata: + labels: + {{/* security.istio.io/tlsMode: istio must be set by user, if gRPC is using mTLS initialization code. We can't set it automatically. */}} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + istio.io/rev: {{ .Revision | default "default" | quote }}, + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{- end }} + {{- end }} + sidecar.istio.io/rewriteAppHTTPProbers: "false", + } +spec: + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .ProxyImage }}" + {{- end }} + ports: + - containerPort: 15020 + protocol: TCP + name: mesh-metrics + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + - --url=http://localhost:15020/healthz/ready + env: + - name: ISTIO_META_GENERATOR + value: grpc + - name: OUTPUT_CERTS + value: /var/lib/istio/data + {{- if eq .InboundTrafficPolicyMode "localhost" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + # grpc uses xds:/// to resolve – no need to resolve VIP + - name: ISTIO_META_DNS_CAPTURE + value: "false" + - name: DISABLE_ENVOY + value: "true" + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15020 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + resources: + {{ template "resources" . }} + volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} +{{- range $index, $container := .Spec.Containers }} +{{ if not (eq $container.Name "istio-proxy") }} + - name: {{ $container.Name }} + env: + - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" + value: "true" + - name: "GRPC_XDS_BOOTSTRAP" + value: "/etc/istio/proxy/grpc-bootstrap.json" + volumeMounts: + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + {{- if eq $.Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} +{{- end }} +{{- end }} + volumes: + - emptyDir: + name: workload-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-xds + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + {{- if eq (.Values.pilot.env).ENABLE_CLUSTER_TRUST_BUNDLE_API true }} + projected: + sources: + - clusterTrustBundle: + name: istio.io:istiod-ca:{{ .Values.global.trustBundleName | default "root-cert" }} + path: root-cert.pem + {{- else }} + configMap: + name: {{ .Values.global.trustBundleName | default "istio-ca-root-cert" }} + {{- end }} + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-simple.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-simple.yaml new file mode 100644 index 000000000..9ba0c7a46 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/grpc-simple.yaml @@ -0,0 +1,65 @@ +metadata: + annotations: + sidecar.istio.io/rewriteAppHTTPProbers: "false" +spec: + initContainers: + - name: grpc-bootstrap-init + image: busybox:1.28 + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + env: + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_NAMESPACE + value: | + {{ .Values.global.istioNamespace }} + command: + - sh + - "-c" + - |- + NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" + SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" + echo ' + { + "xds_servers": [ + { + "server_uri": "'${SERVER_URI}'", + "channel_creds": [{"type": "insecure"}], + "server_features" : ["xds_v3"] + } + ], + "node": { + "id": "'${NODE_ID}'", + "metadata": { + "GENERATOR": "grpc" + } + } + }' > /var/lib/grpc/data/bootstrap.json + containers: + {{- range $index, $container := .Spec.Containers }} + - name: {{ $container.Name }} + env: + - name: GRPC_XDS_BOOTSTRAP + value: /var/lib/grpc/data/bootstrap.json + - name: GRPC_GO_LOG_VERBOSITY_LEVEL + value: "99" + - name: GRPC_GO_LOG_SEVERITY_LEVEL + value: info + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + {{- end }} + volumes: + - name: grpc-io-proxyless-bootstrap + emptyDir: {} diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/injection-template.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/injection-template.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/injection-template.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/injection-template.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/kube-gateway.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/kube-gateway.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/kube-gateway.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/kube-gateway.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-ambient.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-demo.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-gke.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-preview.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-remote.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-stable.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/files/waypoint.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/files/waypoint.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/files/waypoint.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/files/waypoint.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/NOTES.txt b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/NOTES.txt new file mode 100644 index 000000000..0d07ea7f4 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/NOTES.txt @@ -0,0 +1,82 @@ +"istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}" successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} + +Next steps: +{{- $profile := default "" .Values.profile }} +{{- if (eq $profile "ambient") }} + * Get started with ambient: https://istio.io/latest/docs/ops/ambient/getting-started/ + * Review ambient's architecture: https://istio.io/latest/docs/ops/ambient/architecture/ +{{- else }} + * Deploy a Gateway: https://istio.io/latest/docs/setup/additional-setup/gateway/ + * Try out our tasks to get started on common configurations: + * https://istio.io/latest/docs/tasks/traffic-management + * https://istio.io/latest/docs/tasks/security/ + * https://istio.io/latest/docs/tasks/policy-enforcement/ +{{- end }} + * Review the list of actively supported releases, CVE publications and our hardening guide: + * https://istio.io/latest/docs/releases/supported-releases/ + * https://istio.io/latest/news/security/ + * https://istio.io/latest/docs/ops/best-practices/security/ + +For further documentation see https://istio.io website + +{{- + $deps := dict + "global.outboundTrafficPolicy" "meshConfig.outboundTrafficPolicy" + "global.certificates" "meshConfig.certificates" + "global.localityLbSetting" "meshConfig.localityLbSetting" + "global.policyCheckFailOpen" "meshConfig.policyCheckFailOpen" + "global.enableTracing" "meshConfig.enableTracing" + "global.proxy.accessLogFormat" "meshConfig.accessLogFormat" + "global.proxy.accessLogFile" "meshConfig.accessLogFile" + "global.proxy.concurrency" "meshConfig.defaultConfig.concurrency" + "global.proxy.envoyAccessLogService" "meshConfig.defaultConfig.envoyAccessLogService" + "global.proxy.envoyAccessLogService.enabled" "meshConfig.enableEnvoyAccessLogService" + "global.proxy.envoyMetricsService" "meshConfig.defaultConfig.envoyMetricsService" + "global.proxy.protocolDetectionTimeout" "meshConfig.protocolDetectionTimeout" + "global.proxy.holdApplicationUntilProxyStarts" "meshConfig.defaultConfig.holdApplicationUntilProxyStarts" + "pilot.ingress" "meshConfig.ingressService, meshConfig.ingressControllerMode, and meshConfig.ingressClass" + "global.mtls.enabled" "the PeerAuthentication resource" + "global.mtls.auto" "meshConfig.enableAutoMtls" + "global.tracer.lightstep.address" "meshConfig.defaultConfig.tracing.lightstep.address" + "global.tracer.lightstep.accessToken" "meshConfig.defaultConfig.tracing.lightstep.accessToken" + "global.tracer.zipkin.address" "meshConfig.defaultConfig.tracing.zipkin.address" + "global.tracer.datadog.address" "meshConfig.defaultConfig.tracing.datadog.address" + "global.meshExpansion.enabled" "Gateway and other Istio networking resources, such as in samples/multicluster/" + "istiocoredns.enabled" "the in-proxy DNS capturing (ISTIO_META_DNS_CAPTURE)" +}} +{{- range $dep, $replace := $deps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +WARNING: {{$dep|quote}} is deprecated; use {{$replace|quote}} instead. +{{- end }} +{{- end }} +{{- + $failDeps := dict + "telemetry.v2.prometheus.configOverride" + "telemetry.v2.stackdriver.configOverride" + "telemetry.v2.stackdriver.disableOutbound" + "telemetry.v2.stackdriver.outboundAccessLogging" + "global.tracer.stackdriver.debug" "meshConfig.defaultConfig.tracing.stackdriver.debug" + "global.tracer.stackdriver.maxNumberOfAttributes" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" + "global.tracer.stackdriver.maxNumberOfAnnotations" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" + "global.tracer.stackdriver.maxNumberOfMessageEvents" "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" + "meshConfig.defaultConfig.tracing.stackdriver.debug" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAttributes" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfAnnotations" "Istio supported tracers" + "meshConfig.defaultConfig.tracing.stackdriver.maxNumberOfMessageEvents" "Istio supported tracers" +}} +{{- range $dep, $replace := $failDeps }} +{{- /* Complex logic to turn the string above into a null-safe traversal like ((.Values.global).certificates */}} +{{- $res := tpl (print "{{" (repeat (split "." $dep | len) "(") ".Values." (replace "." ")." $dep) ")}}") $}} +{{- if not (eq $res "")}} +{{fail (print $dep " is removed")}} +{{- end }} +{{- end }} +{{- if eq $.Values.global.pilotCertProvider "kubernetes" }} +{{- fail "pilotCertProvider=kubernetes is not supported" }} +{{- end }} \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/_helpers.tpl b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/_helpers.tpl new file mode 100644 index 000000000..042c92538 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Default Prometheus is enabled if its enabled and there are no config overrides set */}} +{{ define "default-prometheus" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.prometheus.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. Default metrics are enabled if SD is enabled */}} +{{ define "default-sd-metrics" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} + +{{/* SD has metrics and logging split. */}} +{{ define "default-sd-logs" }} +{{- and + (not .Values.meshConfig.defaultProviders) + .Values.telemetry.enabled .Values.telemetry.v2.enabled .Values.telemetry.v2.stackdriver.enabled +}} +{{- end }} diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/autoscale.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/autoscale.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/autoscale.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/autoscale.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrole.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrole.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/clusterrole.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrolebinding.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/clusterrolebinding.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-jwks.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/configmap-jwks.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-jwks.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/configmap-jwks.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-values.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/configmap-values.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap-values.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/configmap-values.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/configmap.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/configmap.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/configmap.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/deployment.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/deployment.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/deployment.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/deployment.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/gateway-class-configmap.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/gateway-class-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/gateway-class-configmap.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/gateway-class-configmap.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/istiod-injector-configmap.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/istiod-injector-configmap.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/istiod-injector-configmap.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/istiod-injector-configmap.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/mutatingwebhook.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/mutatingwebhook.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/mutatingwebhook.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/mutatingwebhook.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/networkpolicy.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/networkpolicy.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/poddisruptionbudget.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/poddisruptionbudget.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/poddisruptionbudget.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/poddisruptionbudget.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrole.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/reader-clusterrole.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrole.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/reader-clusterrole.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrolebinding.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/reader-clusterrolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/reader-clusterrolebinding.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/reader-clusterrolebinding.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-endpointslices.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/remote-istiod-endpointslices.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-endpointslices.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/remote-istiod-endpointslices.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-service.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/remote-istiod-service.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/remote-istiod-service.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/remote-istiod-service.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/role.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/role.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/role.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/role.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/rolebinding.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/rolebinding.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/rolebinding.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/rolebinding.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/service.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/service.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/service.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/service.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/serviceaccount.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/serviceaccount.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingadmissionpolicy.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/validatingadmissionpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingadmissionpolicy.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/validatingadmissionpolicy.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingwebhookconfiguration.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/validatingwebhookconfiguration.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/validatingwebhookconfiguration.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/validatingwebhookconfiguration.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/templates/zzy_descope_legacy.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/zzy_descope_legacy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/istiod/templates/zzy_descope_legacy.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/templates/zzy_descope_legacy.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/zzz_profile.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.0a346609/charts/istiod/values.yaml b/resources/v1.30-alpha.9e476e6b/charts/istiod/values.yaml similarity index 99% rename from resources/v1.30-alpha.0a346609/charts/istiod/values.yaml rename to resources/v1.30-alpha.9e476e6b/charts/istiod/values.yaml index 4a31ec6b5..2ec0d1e28 100644 --- a/resources/v1.30-alpha.0a346609/charts/istiod/values.yaml +++ b/resources/v1.30-alpha.9e476e6b/charts/istiod/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + tag: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/Chart.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/Chart.yaml new file mode 100644 index 000000000..9003aed25 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +appVersion: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b +description: Helm chart for istio revision tags +name: revisiontags +sources: +- https://github.com/istio-ecosystem/sail-operator +version: 0.1.0 + diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-ambient.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-demo.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-gke.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-preview.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-remote.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-stable.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-mwc.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/revision-tags-mwc.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-mwc.yaml rename to resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/revision-tags-mwc.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-svc.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/revision-tags-svc.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/templates/revision-tags-svc.yaml rename to resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/revision-tags-svc.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/zzz_profile.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/zzz_profile.yaml new file mode 100644 index 000000000..3d8495648 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if false }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.0a346609/charts/revisiontags/values.yaml b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/values.yaml similarity index 99% rename from resources/v1.30-alpha.0a346609/charts/revisiontags/values.yaml rename to resources/v1.30-alpha.9e476e6b/charts/revisiontags/values.yaml index 4a31ec6b5..2ec0d1e28 100644 --- a/resources/v1.30-alpha.0a346609/charts/revisiontags/values.yaml +++ b/resources/v1.30-alpha.9e476e6b/charts/revisiontags/values.yaml @@ -255,7 +255,7 @@ _internal_defaults_do_not_set: # Dev builds from prow are on gcr.io hub: gcr.io/istio-testing # Default tag for Istio images. - tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + tag: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b # Variant of the image to use. # Currently supported are: [debug, distroless] variant: "" diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/Chart.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/Chart.yaml new file mode 100644 index 000000000..e77f9f7f9 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b +description: Helm chart for istio ztunnel components +icon: https://istio.io/latest/favicons/android-192x192.png +keywords: +- istio-ztunnel +- istio +name: ztunnel +sources: +- https://github.com/istio/istio +version: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/README.md b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/README.md similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/README.md rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/README.md diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-ambient.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-ambient.yaml new file mode 100644 index 000000000..495fbcd43 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-ambient.yaml @@ -0,0 +1,24 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The ambient profile enables ambient mode. The Istiod, CNI, and ztunnel charts must be deployed +meshConfig: + defaultConfig: + proxyMetadata: + ISTIO_META_ENABLE_HBONE: "true" + serviceScopeConfigs: + - servicesSelector: + matchExpressions: + - key: istio.io/global + operator: In + values: ["true"] + scope: GLOBAL +global: + variant: distroless +pilot: + env: + PILOT_ENABLE_AMBIENT: "true" +cni: + ambient: + enabled: true diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.25.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.25.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.25.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.25.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.26.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.26.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.26.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.26.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.27.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.27.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.27.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.27.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.28.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.28.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/files/profile-compatibility-version-1.28.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-compatibility-version-1.28.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-demo.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-demo.yaml new file mode 100644 index 000000000..d6dc36dd0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-demo.yaml @@ -0,0 +1,94 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The demo profile enables a variety of things to try out Istio in non-production environments. +# * Lower resource utilization. +# * Some additional features are enabled by default; especially ones used in some tasks in istio.io. +# * More ports enabled on the ingress, which is used in some tasks. +meshConfig: + accessLogFile: /dev/stdout + extensionProviders: + - name: otel + envoyOtelAls: + service: opentelemetry-collector.observability.svc.cluster.local + port: 4317 + - name: skywalking + skywalking: + service: tracing.istio-system.svc.cluster.local + port: 11800 + - name: otel-tracing + opentelemetry: + port: 4317 + service: opentelemetry-collector.observability.svc.cluster.local + - name: jaeger + opentelemetry: + port: 4317 + service: jaeger-collector.istio-system.svc.cluster.local + +cni: + resources: + requests: + cpu: 10m + memory: 40Mi + +ztunnel: + resources: + requests: + cpu: 10m + memory: 40Mi + +global: + proxy: + resources: + requests: + cpu: 10m + memory: 40Mi + waypoint: + resources: + requests: + cpu: 10m + memory: 40Mi + +pilot: + autoscaleEnabled: false + traceSampling: 100 + resources: + requests: + cpu: 10m + memory: 100Mi + +gateways: + istio-egressgateway: + autoscaleEnabled: false + resources: + requests: + cpu: 10m + memory: 40Mi + istio-ingressgateway: + autoscaleEnabled: false + ports: + ## You can add custom gateway ports in user values overrides, but it must include those ports since helm replaces. + # Note that AWS ELB will by default perform health checks on the first port + # on this list. Setting this to the health check port will ensure that health + # checks always work. https://github.com/istio/istio/issues/12503 + - port: 15021 + targetPort: 15021 + name: status-port + - port: 80 + targetPort: 8080 + name: http2 + - port: 443 + targetPort: 8443 + name: https + - port: 31400 + targetPort: 31400 + name: tcp + # This is the port where sni routing happens + - port: 15443 + targetPort: 15443 + name: tls + resources: + requests: + cpu: 10m + memory: 40Mi \ No newline at end of file diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-gke.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-gke.yaml new file mode 100644 index 000000000..dfe8a7d74 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-gke.yaml @@ -0,0 +1,10 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniBinDir: "" # intentionally unset for gke to allow template-based autodetection to work + resourceQuotas: + enabled: true +resourceQuotas: + enabled: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3d.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3d.yaml new file mode 100644 index 000000000..cd86d9ec5 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3d.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3s.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3s.yaml new file mode 100644 index 000000000..07820106d --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-k3s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/lib/rancher/k3s/agent/etc/cni/net.d + cniBinDir: /var/lib/rancher/k3s/data/cni diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-microk8s.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-microk8s.yaml new file mode 100644 index 000000000..57d7f5e3c --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-microk8s.yaml @@ -0,0 +1,7 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniConfDir: /var/snap/microk8s/current/args/cni-network + cniBinDir: /var/snap/microk8s/current/opt/cni/bin diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-minikube.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-minikube.yaml new file mode 100644 index 000000000..fa9992e20 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-minikube.yaml @@ -0,0 +1,6 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +cni: + cniNetnsDir: /var/run/docker/netns diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-openshift.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-openshift.yaml new file mode 100644 index 000000000..8ddc5e165 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-platform-openshift.yaml @@ -0,0 +1,19 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The OpenShift profile provides a basic set of settings to run Istio on OpenShift +cni: + cniBinDir: /var/lib/cni/bin + cniConfDir: /etc/cni/multus/net.d + chained: false + cniConfFileName: "istio-cni.conf" + provider: "multus" +pilot: + cni: + enabled: true + provider: "multus" +seLinuxOptions: + type: spc_t +# Openshift requires privileged pods to run in kube-system +trustedZtunnelNamespace: "kube-system" diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-preview.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-preview.yaml new file mode 100644 index 000000000..181d7bda2 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-preview.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +meshConfig: + defaultConfig: + proxyMetadata: + # Enable Istio agent to handle DNS requests for known hosts + # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf + ISTIO_META_DNS_CAPTURE: "true" diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-remote.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-remote.yaml new file mode 100644 index 000000000..d17b9a801 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-remote.yaml @@ -0,0 +1,13 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The remote profile enables installing istio with a remote control plane. The `base` and `istio-discovery` charts must be deployed with this profile. +istiodRemote: + enabled: true +configMap: false +telemetry: + enabled: false +global: + # TODO BML maybe a different profile for a configcluster/revisit this + omitSidecarInjectorConfigMap: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-stable.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-stable.yaml new file mode 100644 index 000000000..358282e69 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/files/profile-stable.yaml @@ -0,0 +1,8 @@ +# WARNING: DO NOT EDIT, THIS FILE IS A COPY. +# The original version of this file is located at /manifests/helm-profiles directory. +# If you want to make a change in this file, edit the original one and run "make gen". + +# The stable profile deploys admission control to ensure that only stable resources and fields are used +# THIS IS CURRENTLY EXPERIMENTAL AND SUBJECT TO CHANGE +experimental: + stableValidationPolicy: true diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/NOTES.txt b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/NOTES.txt new file mode 100644 index 000000000..244f59db0 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/NOTES.txt @@ -0,0 +1,5 @@ +ztunnel successfully installed! + +To learn more about the release, try: + $ helm status {{ .Release.Name }} -n {{ .Release.Namespace }} + $ helm get all {{ .Release.Name }} -n {{ .Release.Namespace }} diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/_helpers.tpl b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/_helpers.tpl new file mode 100644 index 000000000..46a7a0b79 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/_helpers.tpl @@ -0,0 +1 @@ +{{ define "ztunnel.release-name" }}{{ .Values.resourceName| default "ztunnel" }}{{ end }} diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/daemonset.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/daemonset.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/daemonset.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/daemonset.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/networkpolicy.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/networkpolicy.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/networkpolicy.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/networkpolicy.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/rbac.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/rbac.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/rbac.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/rbac.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/resourcequota.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/resourcequota.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/resourcequota.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/resourcequota.yaml diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/templates/serviceaccount.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/serviceaccount.yaml similarity index 100% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/templates/serviceaccount.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/serviceaccount.yaml diff --git a/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/zzz_profile.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/zzz_profile.yaml new file mode 100644 index 000000000..606c55669 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/templates/zzz_profile.yaml @@ -0,0 +1,75 @@ +{{/* +WARNING: DO NOT EDIT, THIS FILE IS A PROBABLY COPY. +The original version of this file is located at /manifests directory. +If you want to make a change in this file, edit the original one and run "make gen". + +Complex logic ahead... +We have three sets of values, in order of precedence (last wins): +1. The builtin values.yaml defaults +2. The profile the user selects +3. Users input (-f or --set) + +Unfortunately, Helm provides us (1) and (3) together (as .Values), making it hard to insert (2). + +However, we can workaround this by placing all of (1) under a specific key (.Values.defaults). +We can then merge the profile onto the defaults, then the user settings onto that. +Finally, we can set all of that under .Values so the chart behaves without awareness. +*/}} +{{- if $.Values.defaults}} +{{ fail (cat + "Setting with .default prefix found; remove it. For example, replace `--set defaults.hub=foo` with `--set hub=foo`. Defaults set:\n" + ($.Values.defaults | toYaml |nindent 4) +) }} +{{- end }} +{{- $defaults := $.Values._internal_defaults_do_not_set }} +{{- $_ := unset $.Values "_internal_defaults_do_not_set" }} +{{- $profile := dict }} +{{- with (coalesce ($.Values).profile ($.Values.global).profile) }} +{{- with $.Files.Get (printf "files/profile-%s.yaml" .)}} +{{- $profile = (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown profile" .) }} +{{- end }} +{{- end }} +{{- with .Values.compatibilityVersion }} +{{- with $.Files.Get (printf "files/profile-compatibility-version-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown compatibility version" $.Values.compatibilityVersion) }} +{{- end }} +{{- end }} +{{- with (coalesce ($.Values).platform ($.Values.global).platform) }} +{{- with $.Files.Get (printf "files/profile-platform-%s.yaml" .) }} +{{- $ignore := mustMergeOverwrite $profile (. | fromYaml) }} +{{- else }} +{{ fail (cat "unknown platform" .) }} +{{- end }} +{{- end }} +{{- if $profile }} +{{- $a := mustMergeOverwrite $defaults $profile }} +{{- end }} +# Flatten globals, if defined on a per-chart basis +{{- if true }} +{{- $a := mustMergeOverwrite $defaults ($profile.global) ($.Values.global | default dict) }} +{{- end }} +{{- $x := set $.Values "_original" (deepCopy $.Values) }} +{{- $b := set $ "Values" (mustMergeOverwrite $defaults $.Values) }} + +{{/* +Labels that should be applied to ALL resources. +*/}} +{{- define "istio.labels" -}} +{{- if .Release.Service -}} +app.kubernetes.io/managed-by: {{ .Release.Service | quote }} +{{- end }} +{{- if .Release.Name }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +{{- end }} +app.kubernetes.io/part-of: "istio" +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if and .Chart.Name .Chart.Version }} +helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end -}} diff --git a/resources/v1.30-alpha.0a346609/charts/ztunnel/values.yaml b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/values.yaml similarity index 99% rename from resources/v1.30-alpha.0a346609/charts/ztunnel/values.yaml rename to resources/v1.30-alpha.9e476e6b/charts/ztunnel/values.yaml index d682a4755..0c20db9a9 100644 --- a/resources/v1.30-alpha.0a346609/charts/ztunnel/values.yaml +++ b/resources/v1.30-alpha.9e476e6b/charts/ztunnel/values.yaml @@ -4,7 +4,7 @@ _internal_defaults_do_not_set: # Hub to pull from. Image will be `Hub/Image:Tag-Variant` hub: gcr.io/istio-testing # Tag to pull from. Image will be `Hub/Image:Tag-Variant` - tag: 1.30-alpha.0a3466091a333998e160a8aa3400a3aa65d4cb7a + tag: 1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b # Variant to pull. Options are "debug" or "distroless". Unset will use the default for the given version. variant: "" diff --git a/resources/v1.30-alpha.9e476e6b/cni-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag b/resources/v1.30-alpha.9e476e6b/cni-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag new file mode 100644 index 000000000..58690f05b --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/cni-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag @@ -0,0 +1 @@ +c28247175ef69ba32cf0a96a2c85ec1a diff --git a/resources/v1.30-alpha.9e476e6b/commit b/resources/v1.30-alpha.9e476e6b/commit new file mode 100644 index 000000000..8a2635f33 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/commit @@ -0,0 +1 @@ +9e476e6b77314411c8b45a2b97a546fbb99ddc8b diff --git a/resources/v1.30-alpha.9e476e6b/gateway-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag b/resources/v1.30-alpha.9e476e6b/gateway-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag new file mode 100644 index 000000000..dc497a5cb --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/gateway-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag @@ -0,0 +1 @@ +03eef8dd9441b391fdf18f35ed9e85ee diff --git a/resources/v1.30-alpha.9e476e6b/istiod-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag b/resources/v1.30-alpha.9e476e6b/istiod-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag new file mode 100644 index 000000000..da38ada2a --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/istiod-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag @@ -0,0 +1 @@ +9bdf436a1da1a0dc5c95e2e68be309cb diff --git a/resources/v1.30-alpha.9e476e6b/profiles/ambient.yaml b/resources/v1.30-alpha.9e476e6b/profiles/ambient.yaml new file mode 100644 index 000000000..71ea784a8 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/ambient.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient diff --git a/resources/v1.30-alpha.9e476e6b/profiles/default.yaml b/resources/v1.30-alpha.9e476e6b/profiles/default.yaml new file mode 100644 index 000000000..8f1ef1967 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/default.yaml @@ -0,0 +1,12 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + # Most default values come from the helm chart's values.yaml + # Below are the things that differ + values: + defaultRevision: "" + global: + istioNamespace: istio-system + configValidation: true + ztunnel: + resourceName: ztunnel diff --git a/resources/v1.30-alpha.9e476e6b/profiles/demo.yaml b/resources/v1.30-alpha.9e476e6b/profiles/demo.yaml new file mode 100644 index 000000000..53c4b4163 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/demo.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: demo diff --git a/resources/v1.30-alpha.9e476e6b/profiles/empty.yaml b/resources/v1.30-alpha.9e476e6b/profiles/empty.yaml new file mode 100644 index 000000000..4477cb1fe --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/empty.yaml @@ -0,0 +1,5 @@ +# The empty profile has everything disabled +# This is useful as a base for custom user configuration +apiVersion: sailoperator.io/v1 +kind: Istio +spec: {} diff --git a/resources/v1.30-alpha.9e476e6b/profiles/openshift-ambient.yaml b/resources/v1.30-alpha.9e476e6b/profiles/openshift-ambient.yaml new file mode 100644 index 000000000..76edf00cd --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/openshift-ambient.yaml @@ -0,0 +1,7 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: ambient + global: + platform: openshift diff --git a/resources/v1.30-alpha.9e476e6b/profiles/openshift.yaml b/resources/v1.30-alpha.9e476e6b/profiles/openshift.yaml new file mode 100644 index 000000000..41492660f --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/openshift.yaml @@ -0,0 +1,6 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + global: + platform: openshift diff --git a/resources/v1.30-alpha.9e476e6b/profiles/preview.yaml b/resources/v1.30-alpha.9e476e6b/profiles/preview.yaml new file mode 100644 index 000000000..59d545c84 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/preview.yaml @@ -0,0 +1,8 @@ +# The preview profile contains features that are experimental. +# This is intended to explore new features coming to Istio. +# Stability, security, and performance are not guaranteed - use at your own risk. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: preview diff --git a/resources/v1.30-alpha.9e476e6b/profiles/remote.yaml b/resources/v1.30-alpha.9e476e6b/profiles/remote.yaml new file mode 100644 index 000000000..54c65c8ba --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/remote.yaml @@ -0,0 +1,7 @@ +# The remote profile is used to configure a mesh cluster without a locally deployed control plane. +# Only the injector mutating webhook configuration is installed. +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: remote diff --git a/resources/v1.30-alpha.9e476e6b/profiles/stable.yaml b/resources/v1.30-alpha.9e476e6b/profiles/stable.yaml new file mode 100644 index 000000000..285feba24 --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/profiles/stable.yaml @@ -0,0 +1,5 @@ +apiVersion: sailoperator.io/v1 +kind: Istio +spec: + values: + profile: stable diff --git a/resources/v1.30-alpha.9e476e6b/ztunnel-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag b/resources/v1.30-alpha.9e476e6b/ztunnel-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag new file mode 100644 index 000000000..a2b641d6a --- /dev/null +++ b/resources/v1.30-alpha.9e476e6b/ztunnel-1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b.tgz.etag @@ -0,0 +1 @@ +cf5a9e038a26c90fa3056ed70386e855 From 1747f2da1bb664f8fc4919b152b50a0f0ed484f9 Mon Sep 17 00:00:00 2001 From: Francisco Herrera Date: Wed, 11 Feb 2026 11:51:34 +0100 Subject: [PATCH 38/40] =?UTF-8?q?Improve=20scorecard=20test=20to=20avoid?= =?UTF-8?q?=20running=20on=20kind=20cluster=20inside=20OCP=20cl=E2=80=A6?= =?UTF-8?q?=20(#1589)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Improve scorecard test to avoid running on kind cluster inside OCP clusters Signed-off-by: Francisco Herrera * Adding default values to scorecard test Signed-off-by: Francisco Herrera * CHange from review Signed-off-by: Francisco Herrera --------- Signed-off-by: Francisco Herrera --- Makefile.core.mk | 4 +-- tests/scorecard-test.sh | 59 ++++++++++++++++++++++++++++++++--------- 2 files changed, 48 insertions(+), 15 deletions(-) diff --git a/Makefile.core.mk b/Makefile.core.mk index 3550f7fea..0a601f3cf 100644 --- a/Makefile.core.mk +++ b/Makefile.core.mk @@ -218,8 +218,8 @@ test.integration: envtest ## Run integration tests located in the tests/integrat go run github.com/onsi/ginkgo/v2/ginkgo --tags=integration --junit-report=junit-integration.xml --output-dir="$(ARTIFACTS)" $(GINKGO_FLAGS) ./tests/integration/... .PHONY: test.scorecard -test.scorecard: operator-sdk ## Run the operator scorecard test. - OPERATOR_SDK=$(OPERATOR_SDK) ${SOURCE_DIR}/tests/scorecard-test.sh +test.scorecard: operator-sdk ## Run the operator scorecard test. Use OCP=true to run against an existing OCP cluster instead of Kind. + OCP=$${OCP:-false} OPERATOR_SDK=$(OPERATOR_SDK) SCORECARD_NAMESPACE="$${SCORECARD_NAMESPACE:-scorecard-test}" ${SOURCE_DIR}/tests/scorecard-test.sh .PHONY: test.e2e.ocp test.e2e.ocp: istioctl ## Run the end-to-end tests against an existing OCP cluster. While running on OCP in downstream you need to set ISTIOCTL_DOWNLOAD_URL to the URL where the istioctl productized binary. diff --git a/tests/scorecard-test.sh b/tests/scorecard-test.sh index 8c11b3159..f4bdc9da4 100755 --- a/tests/scorecard-test.sh +++ b/tests/scorecard-test.sh @@ -19,22 +19,55 @@ set -eux -o pipefail SCRIPTPATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" ROOT="$(dirname "${SCRIPTPATH}")" -# shellcheck source=common/scripts/kind_provisioner.sh -source "${ROOT}/common/scripts/kind_provisioner.sh" +# OCP environment variable can be set to "true" to run tests against an existing OCP cluster instead of a Kind cluster +OCP="${OCP:-false}" -# Create a temporary kubeconfig -KUBECONFIG="$(mktemp)" -export KUBECONFIG +if [[ "${OCP}" == "true" ]]; then + echo "Running scorecard tests against existing OCP cluster" -# Create the kind cluster -export KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}" -export DEFAULT_CLUSTER_YAML="${ROOT}/tests/e2e/setup/config/default.yaml" -export ARTIFACTS="${ARTIFACTS:-$(mktemp -d)}" -export IP_FAMILY="${IP_FAMILY:-ipv4}" -setup_kind_cluster "${KIND_CLUSTER_NAME}" "" "" "true" "true" + # Check if KUBECONFIG is set + if [ -z "${KUBECONFIG:-}" ]; then + echo "KUBECONFIG is not set. oc will not be able to connect to the cluster. Exiting." + exit 1 + fi -kind export kubeconfig --name="${KIND_CLUSTER_NAME}" + # Verify we can connect to the cluster + if ! oc cluster-info > /dev/null 2>&1; then + echo "Cannot connect to OpenShift cluster. Check your KUBECONFIG and cluster access." + exit 1 + fi + + echo "Connected to cluster: $(oc config current-context)" + +else + echo "Running scorecard tests against Kind cluster" + + # shellcheck source=common/scripts/kind_provisioner.sh + source "${ROOT}/common/scripts/kind_provisioner.sh" + + # Create a temporary kubeconfig + KUBECONFIG="$(mktemp)" + export KUBECONFIG + + # Create the kind cluster + export KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}" + export DEFAULT_CLUSTER_YAML="${ROOT}/tests/e2e/setup/config/default.yaml" + export ARTIFACTS="${ARTIFACTS:-$(mktemp -d)}" + export IP_FAMILY="${IP_FAMILY:-ipv4}" + setup_kind_cluster "${KIND_CLUSTER_NAME}" "" "" "true" "true" + + kind export kubeconfig --name="${KIND_CLUSTER_NAME}" +fi + +# Determine namespace - use scorecard-test for OCP to avoid conflicts with any existing namespaces, and default for Kind since it's a fresh cluster +NAMESPACE="${SCORECARD_NAMESPACE:-default}" +if [[ "${OCP}" == "true" ]]; then + NAMESPACE="${SCORECARD_NAMESPACE:-scorecard-test}" + # Create namespace if it doesn't exist + oc create namespace "${NAMESPACE}" || true +fi # Run the test OPERATOR_SDK="${OPERATOR_SDK:-operator-sdk}" -${OPERATOR_SDK} scorecard --kubeconfig="${KUBECONFIG}" --namespace=default bundle +echo "Running scorecard tests in namespace: ${NAMESPACE}" +${OPERATOR_SDK} scorecard --kubeconfig="${KUBECONFIG}" --namespace="${NAMESPACE}" bundle From 9c622ce010836cdc5f78b0e151f70b2af1e76405 Mon Sep 17 00:00:00 2001 From: Mike Kolesnik Date: Wed, 11 Feb 2026 17:42:35 +0200 Subject: [PATCH 39/40] Add Claude /refactor command for code improvements (#1489) Adds a Claude Code slash command (/refactor) that provides structured guidance for refactoring code while maintaining quality and project conventions. The command defines a systematic approach to refactoring that helps ensure changes are methodical, maintain test coverage, and follow project best practices without introducing behavior changes or over-engineering. Signed-off-by: Mike Kolesnik Co-authored-by: Claude Sonnet 4.5 --- .claude/commands/refactor.md | 144 +++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 .claude/commands/refactor.md diff --git a/.claude/commands/refactor.md b/.claude/commands/refactor.md new file mode 100644 index 000000000..5d71abb08 --- /dev/null +++ b/.claude/commands/refactor.md @@ -0,0 +1,144 @@ +# Refactor Code + +This command helps refactor code while maintaining quality, testability, and adherence to project conventions. + +## Tasks + +1. **Understand the current code**: + - Read the file(s) or code sections to be refactored + - Understand the current functionality and behavior + - Identify any existing tests that cover this code + - Note any dependencies and usage patterns + +2. **Identify refactoring opportunities**: + - Look for code smells (duplication, complex functions, unclear naming, etc.) + - Check for violations of SOLID principles or Go best practices + - Identify areas that could benefit from better separation of concerns + - Consider testability improvements + - Look for opportunities to reduce complexity + - Check side effects in the current code that might be lost if logic is moved + +3. **Plan the refactoring**: + - Define what will be changed and why + - Ensure the refactoring maintains existing functionality (no behavior changes) + - Consider backwards compatibility and API stability + - Plan how to verify the refactoring doesn't break anything + - For significant refactorings, consider breaking into smaller steps + +4. **Execute the refactoring**: + - Make the code changes following Go best practices + - Follow the Sail Operator code conventions: + - Use descriptive variable and function names + - Keep functions focused and small + - Separate business logic from Kubernetes controller logic when possible + - Use interfaces for testability + - Add error handling where appropriate + - Preserve existing comments that are still relevant + - Update or add comments only where the logic isn't self-evident + - If a line of code is fine as-is, don't change it just for the sake of change. Focus on the core improvement areas. + +5. **Update or add tests**: + - Ensure existing tests still pass + - Add new tests if the refactoring exposed previously untestable code + - Update tests if function signatures or behavior changed + - Run `make test` to verify all unit tests pass + +6. **Verify the changes**: + - Run `make lint` to ensure code style compliance + - Run `make test` for unit tests + - For controller changes, consider running `make test.integration` + - Review the diff to ensure no unintended changes were made + +7. **Summarize the refactoring**: + - List the files changed + - Describe the improvements made + - Note any potential impacts or follow-up work needed + - Suggest commit message following the format below + +## Commit Message Format + +When suggesting a commit message for refactored code, use this format: + +``` + + + + +Co-authored-by: Claude Code +``` + +**Example:** +``` +Refactor reconciliation error handling + +Extract common error handling logic into a shared helper function +to reduce code duplication across controllers. This improves +maintainability and ensures consistent error handling behavior. + +Co-authored-by: Claude Code +``` + +## Important Notes + +- **No behavior changes**: Refactoring should preserve existing functionality +- **Keep it focused**: Don't mix refactoring with new features or bug fixes +- **Test coverage**: Ensure tests still pass and cover the refactored code +- **Incremental approach**: For large refactorings, break into smaller, reviewable chunks +- **Avoid over-engineering**: Don't add abstractions or patterns that aren't currently needed +- **API compatibility**: Be extra careful with changes to public APIs or CRD types. Prioritize refactoring internal logic over changing exported function signatures unless specifically requested. +- **Sign commits**: Remember to use `-s` flag when committing +- **Attribution**: Always include `Co-authored-by: Claude Code ` in commit messages + +## Common Refactoring Patterns + +### Extract Function +When a function is too long or does multiple things: +```go +// Before +func ProcessRequest(req Request) error { + // 50 lines of code doing multiple things +} + +// After +func ProcessRequest(req Request) error { + if err := validateRequest(req); err != nil { + return err + } + return executeRequest(req) +} +``` + +### Remove Duplication +When similar code appears in multiple places: +```go +// Before: Duplicated error handling in multiple functions + +// After: Extracted to a shared helper +func handleReconcileError(err error, resource string) { + // Common error handling logic +} +``` + +### Simplify Conditionals +When conditions are complex or nested: +```go +// Before +if !isEnabled || (config != nil && config.Mode == "disabled") { + return +} + +// After +if shouldSkip(isEnabled, config) { + return +} +``` + +### Improve Names +When variable or function names are unclear: +```go +// Before +func proc(d []byte) error { ... } + +// After +func processManifest(manifestData []byte) error { ... } +``` From 6161b811f8b3be6b64de8317d05c34dfd9845f60 Mon Sep 17 00:00:00 2001 From: openshift-service-mesh-bot Date: Thu, 12 Feb 2026 03:10:57 +0000 Subject: [PATCH 40/40] Automated regeneration --- ...cemeshoperator3.clusterserviceversion.yaml | 78 +++---------------- chart/values.yaml | 50 +----------- 2 files changed, 13 insertions(+), 115 deletions(-) diff --git a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml index 6aee45762..f5665891f 100644 --- a/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml +++ b/bundle/manifests/servicemeshoperator3.clusterserviceversion.yaml @@ -44,9 +44,9 @@ metadata: ] capabilities: Seamless Upgrades categories: OpenShift Optional, Integration & Delivery, Networking, Security - containerImage: quay.io/sail-dev/sail-operator:1.29-latest - createdAt: "2026-02-11T05:32:48Z" - description: The Sail Operator manages the lifecycle of your Istio control plane. It provides custom resources for you to deploy and manage your control plane components. + containerImage: quay.io/sail-dev/sail-operator:3.0-latest + createdAt: "2026-02-12T03:10:55Z" + description: The OpenShift Service Mesh Operator enables you to install, configure, and manage an instance of Red Hat OpenShift Service Mesh. OpenShift Service Mesh is based on the open source Istio project. features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "true" features.operators.openshift.io/csi: "false" @@ -397,21 +397,10 @@ spec: ### Overview - - v1.28-latest - - v1.28.3 - - v1.28.2 - - v1.28.1 - - v1.28.0 - - v1.27-latest - - v1.27.6 - - v1.27.5 - - v1.27.4 - - v1.27.3 - - v1.27.2 - - v1.27.1 - - v1.27.0 - - master - - v1.30-alpha.9e476e6b + Red Hat OpenShift Service Mesh, based on the open source [Istio](https://istio.io/) project, adds a transparent layer on existing + distributed applications without requiring any changes to the service code. You add Red Hat OpenShift Service Mesh + support to services by deploying a special sidecar proxy throughout your environment that intercepts all network + communication between microservices. You configure and manage the service mesh using the control plane features. Red Hat OpenShift Service Mesh provides an easy way to create a network of deployed services that provides discovery, load balancing, service-to-service authentication, failure recovery, metrics, and monitoring. A service mesh also @@ -794,54 +783,11 @@ spec: template: metadata: annotations: - images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 - images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 - images.v1_27_0.ztunnel: gcr.io/istio-release/ztunnel:1.27.0 - images.v1_27_1.cni: gcr.io/istio-release/install-cni:1.27.1 - images.v1_27_1.istiod: gcr.io/istio-release/pilot:1.27.1 - images.v1_27_1.proxy: gcr.io/istio-release/proxyv2:1.27.1 - images.v1_27_1.ztunnel: gcr.io/istio-release/ztunnel:1.27.1 - images.v1_27_2.cni: gcr.io/istio-release/install-cni:1.27.2 - images.v1_27_2.istiod: gcr.io/istio-release/pilot:1.27.2 - images.v1_27_2.proxy: gcr.io/istio-release/proxyv2:1.27.2 - images.v1_27_2.ztunnel: gcr.io/istio-release/ztunnel:1.27.2 - images.v1_27_3.cni: gcr.io/istio-release/install-cni:1.27.3 - images.v1_27_3.istiod: gcr.io/istio-release/pilot:1.27.3 - images.v1_27_3.proxy: gcr.io/istio-release/proxyv2:1.27.3 - images.v1_27_3.ztunnel: gcr.io/istio-release/ztunnel:1.27.3 - images.v1_27_4.cni: gcr.io/istio-release/install-cni:1.27.4 - images.v1_27_4.istiod: gcr.io/istio-release/pilot:1.27.4 - images.v1_27_4.proxy: gcr.io/istio-release/proxyv2:1.27.4 - images.v1_27_4.ztunnel: gcr.io/istio-release/ztunnel:1.27.4 - images.v1_27_5.cni: gcr.io/istio-release/install-cni:1.27.5 - images.v1_27_5.istiod: gcr.io/istio-release/pilot:1.27.5 - images.v1_27_5.proxy: gcr.io/istio-release/proxyv2:1.27.5 - images.v1_27_5.ztunnel: gcr.io/istio-release/ztunnel:1.27.5 - images.v1_27_6.cni: gcr.io/istio-release/install-cni:1.27.6 - images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 - images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 - images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 - images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 - images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 - images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 - images.v1_28_0.ztunnel: gcr.io/istio-release/ztunnel:1.28.0 - images.v1_28_1.cni: gcr.io/istio-release/install-cni:1.28.1 - images.v1_28_1.istiod: gcr.io/istio-release/pilot:1.28.1 - images.v1_28_1.proxy: gcr.io/istio-release/proxyv2:1.28.1 - images.v1_28_1.ztunnel: gcr.io/istio-release/ztunnel:1.28.1 - images.v1_28_2.cni: gcr.io/istio-release/install-cni:1.28.2 - images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 - images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 - images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_28_3.cni: gcr.io/istio-release/install-cni:1.28.3 - images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 - images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 - images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_30-alpha_9e476e6b.cni: gcr.io/istio-testing/install-cni:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b - images.v1_30-alpha_9e476e6b.istiod: gcr.io/istio-testing/pilot:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b - images.v1_30-alpha_9e476e6b.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b - images.v1_30-alpha_9e476e6b.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + images.v1_24_4.cni: registry.redhat.io/openshift-service-mesh/istio-cni-rhel9:1.24.4 + images.v1_24_4.istiod: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.24.4 + images.v1_24_4.must-gather: registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9:3.0.1 + images.v1_24_4.proxy: registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9:1.24.4 + images.v1_24_4.ztunnel: registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9:1.24.4 kubectl.kubernetes.io/default-container: sail-operator labels: app.kubernetes.io/created-by: servicemeshoperator3 diff --git a/chart/values.yaml b/chart/values.yaml index 5e2803716..ceea61ab5 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -1,55 +1,7 @@ name: sailoperator deployment: name: sail-operator - annotations: - images.v1_28_3.ztunnel: gcr.io/istio-release/ztunnel:1.28.3 - images.v1_28_3.istiod: gcr.io/istio-release/pilot:1.28.3 - images.v1_28_3.proxy: gcr.io/istio-release/proxyv2:1.28.3 - images.v1_28_3.cni: gcr.io/istio-release/install-cni:1.28.3 - images.v1_28_2.ztunnel: gcr.io/istio-release/ztunnel:1.28.2 - images.v1_28_2.istiod: gcr.io/istio-release/pilot:1.28.2 - images.v1_28_2.proxy: gcr.io/istio-release/proxyv2:1.28.2 - images.v1_28_2.cni: gcr.io/istio-release/install-cni:1.28.2 - images.v1_28_1.ztunnel: gcr.io/istio-release/ztunnel:1.28.1 - images.v1_28_1.istiod: gcr.io/istio-release/pilot:1.28.1 - images.v1_28_1.proxy: gcr.io/istio-release/proxyv2:1.28.1 - images.v1_28_1.cni: gcr.io/istio-release/install-cni:1.28.1 - images.v1_28_0.ztunnel: gcr.io/istio-release/ztunnel:1.28.0 - images.v1_28_0.istiod: gcr.io/istio-release/pilot:1.28.0 - images.v1_28_0.proxy: gcr.io/istio-release/proxyv2:1.28.0 - images.v1_28_0.cni: gcr.io/istio-release/install-cni:1.28.0 - images.v1_27_6.ztunnel: gcr.io/istio-release/ztunnel:1.27.6 - images.v1_27_6.istiod: gcr.io/istio-release/pilot:1.27.6 - images.v1_27_6.proxy: gcr.io/istio-release/proxyv2:1.27.6 - images.v1_27_6.cni: gcr.io/istio-release/install-cni:1.27.6 - images.v1_27_5.ztunnel: gcr.io/istio-release/ztunnel:1.27.5 - images.v1_27_5.istiod: gcr.io/istio-release/pilot:1.27.5 - images.v1_27_5.proxy: gcr.io/istio-release/proxyv2:1.27.5 - images.v1_27_5.cni: gcr.io/istio-release/install-cni:1.27.5 - images.v1_27_4.ztunnel: gcr.io/istio-release/ztunnel:1.27.4 - images.v1_27_4.istiod: gcr.io/istio-release/pilot:1.27.4 - images.v1_27_4.proxy: gcr.io/istio-release/proxyv2:1.27.4 - images.v1_27_4.cni: gcr.io/istio-release/install-cni:1.27.4 - images.v1_27_3.ztunnel: gcr.io/istio-release/ztunnel:1.27.3 - images.v1_27_3.istiod: gcr.io/istio-release/pilot:1.27.3 - images.v1_27_3.proxy: gcr.io/istio-release/proxyv2:1.27.3 - images.v1_27_3.cni: gcr.io/istio-release/install-cni:1.27.3 - images.v1_27_2.ztunnel: gcr.io/istio-release/ztunnel:1.27.2 - images.v1_27_2.istiod: gcr.io/istio-release/pilot:1.27.2 - images.v1_27_2.proxy: gcr.io/istio-release/proxyv2:1.27.2 - images.v1_27_2.cni: gcr.io/istio-release/install-cni:1.27.2 - images.v1_27_1.ztunnel: gcr.io/istio-release/ztunnel:1.27.1 - images.v1_27_1.istiod: gcr.io/istio-release/pilot:1.27.1 - images.v1_27_1.proxy: gcr.io/istio-release/proxyv2:1.27.1 - images.v1_27_1.cni: gcr.io/istio-release/install-cni:1.27.1 - images.v1_27_0.ztunnel: gcr.io/istio-release/ztunnel:1.27.0 - images.v1_27_0.istiod: gcr.io/istio-release/pilot:1.27.0 - images.v1_27_0.proxy: gcr.io/istio-release/proxyv2:1.27.0 - images.v1_27_0.cni: gcr.io/istio-release/install-cni:1.27.0 - images.v1_30-alpha_9e476e6b.ztunnel: gcr.io/istio-testing/ztunnel:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b - images.v1_30-alpha_9e476e6b.istiod: gcr.io/istio-testing/pilot:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b - images.v1_30-alpha_9e476e6b.proxy: gcr.io/istio-testing/proxyv2:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b - images.v1_30-alpha_9e476e6b.cni: gcr.io/istio-testing/install-cni:1.30-alpha.9e476e6b77314411c8b45a2b97a546fbb99ddc8b + annotations: {} revisionHistoryLimit: 10 service: port: 8443